On Sat, Jan 1, 2022 at 5:51 AM Vitaly Zaitsev via devel devel@lists.fedoraproject.org wrote:
On 31/12/2021 20:03, Nico Kadel-Garcia wrote:
Sounds like, if this is enabled, they'll need a GPG key associated with their personal repository.
Locally built packages are always unsigned.
They don't have to be, but yes, by default they are.
And note, you can already configure DNF to require GPG validation of local packages by setting localpkg_gpgcheck=1 in dnf.conf.