It's logistically difficult to sign the repodata... but of course it could be done.
Many, if not all, of the things they mention (I can't seem to find a link to the original USENIX PDF that's still valid to be sure) were fixed by us moving to using metalinks by default.
The metalink is fetched over https and the ssl certs are checked. The metalink has checksums of the current and previous repodata only.
While transport layer security is certainly weaker than GPG signatures (depending on where you store your private keys), it certainly addresses the easiest MITM attacks.
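As an added illustration of the check described above, this is example code written for this page, not code from the thread or from yum/mirrormanager. It shows the two halves of the scheme: an HTTPS client context in which any CA in the system trust store is accepted (no pinning), and verification of a downloaded repomd.xml against the checksums the metalink lists for the current and previous repodata. The metalink layout (metalink 3.0 with a mirrormanager `alternates` element holding the previous entry) is assumed from the public format, and every byte of sample data is constructed here; a mismatching blob stands in for what a tampering mirror would serve.

```python
import hashlib
import hmac
import ssl
import xml.etree.ElementTree as ET

# Namespaces of the metalink 3.0 documents served by mirrormanager
# (assumption based on the public format, not stated in the thread).
NS = {"ml": "http://www.metalinker.org/",
      "mm0": "http://fedorahosted.org/mirrormanager"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample data: a "current" and a "previous" repomd.xml, plus a
# tampered copy such as a hostile mirror or MITM might hand back.
CURRENT_REPOMD = b"<repomd><revision>1700000000</revision></repomd>\n"
PREVIOUS_REPOMD = b"<repomd><revision>1699000000</revision></repomd>\n"
TAMPERED_REPOMD = b"<repomd><revision>1700000000</revision><x/></repomd>\n"

# Constructed metalink: checksums of the current repomd.xml in the main
# entry, the previous one under mm0:alternates. The URL is a placeholder.
SAMPLE_METALINK = f"""<?xml version="1.0" encoding="utf-8"?>
<metalink version="3.0" xmlns="http://www.metalinker.org/"
          xmlns:mm0="http://fedorahosted.org/mirrormanager" type="dynamic">
  <files>
    <file name="repomd.xml">
      <size>{len(CURRENT_REPOMD)}</size>
      <verification>
        <hash type="sha256">{sha256_hex(CURRENT_REPOMD)}</hash>
      </verification>
      <mm0:alternates>
        <mm0:alternate>
          <size>{len(PREVIOUS_REPOMD)}</size>
          <verification>
            <hash type="sha256">{sha256_hex(PREVIOUS_REPOMD)}</hash>
          </verification>
        </mm0:alternate>
      </mm0:alternates>
      <resources>
        <url protocol="https" type="https">https://mirror.example.org/repodata/repomd.xml</url>
      </resources>
    </file>
  </files>
</metalink>
"""


def https_context() -> ssl.SSLContext:
    """Context for fetching the metalink itself: certificate required and
    hostname checked, but any CA in the system trust store is accepted."""
    ctx = ssl.create_default_context()
    assert ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
    return ctx


def acceptable_digests(metalink_xml: str):
    """Return [(label, size, sha256hex), ...] for the current repomd.xml
    entry followed by each previous (alternate) entry in the metalink."""
    root = ET.fromstring(metalink_xml)
    file_el = root.find("ml:files/ml:file[@name='repomd.xml']", NS)
    if file_el is None:
        raise ValueError("metalink lists no repomd.xml entry")
    entries = []

    def add(label, el):
        size = int(el.findtext("ml:size", namespaces=NS))
        digest = el.findtext("ml:verification/ml:hash[@type='sha256']",
                             namespaces=NS)
        if digest is None:
            raise ValueError(f"{label}: no sha256 hash in metalink")
        entries.append((label, size, digest.strip().lower()))

    add("current", file_el)
    for i, alt in enumerate(file_el.findall("mm0:alternates/mm0:alternate", NS)):
        add(f"previous-{i}", alt)
    return entries


def verify_repomd(metalink_xml: str, repomd: bytes):
    """Return the label of the metalink entry whose size and sha256 match
    the downloaded repomd.xml, or None if it matches neither current nor
    previous repodata and must be rejected."""
    actual = sha256_hex(repomd)
    for label, size, digest in acceptable_digests(metalink_xml):
        if size == len(repomd) and hmac.compare_digest(actual, digest):
            return label
    return None


if __name__ == "__main__":
    for name, blob in (("current", CURRENT_REPOMD), ("previous", PREVIOUS_REPOMD),
                       ("tampered", TAMPERED_REPOMD)):
        print(f"{name}: matched {verify_repomd(SAMPLE_METALINK, blob)!r}")
```

The size check is cheap but not a substitute for the digest; only the sha256 comparison ties the mirror's repomd.xml back to what was fetched over the verified HTTPS connection, and a blob matching neither entry is rejected outright rather than falling back to the mirror's own word.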
Is there any kind of certificate pinning in place when verifying the certificate of https://mirrors.fedoraproject.org or can the certificate be from any trusted CA?
Thanks for your explanation!