All Fedora's GPG key - starting with Fedora 27 - are now stored in
fedoraproject.org
DNS record and can be verified
using DNSSEC.
Why? How it can be used? That is long story and you can read about it in my blog entry:
http://miroslav.suchy.cz/blog/archives/2021/02/11/verify_package_gpg_sign...
Few last minutes notes here:
- there are still some gotchas which should be fixed. But enough code is already in
production - you can play with it
now. Relevant issues are linked in the blog post.
- the DNF team is migrating their code to libdnf, I do not have any guarantee when this
piece of code will be
migrating - so we are far from enabling this by default.
Comments are welcomed.
--
Miroslav Suchy, RHCA
Red Hat, Associate Manager, Community Packaging Tools, #brno, #fedora-buildsys