Describe the problem
When you use GNOME Software, it will complain that the RPM package isn't signed. This isn't the end of the world, but it got me thinking about security and resistance to supply chain attacks. Having a GPG-signed package should help to prevent a malicious update, assuming that the key is properly protected.
To Reproduce
Edit /etc/yum.repos.d/netbird.repo on Fedora to force GPG package checks.
Expected behavior
There should be a GPG key for RPM packages that DNF can use to verify packages. Here is a brief article about it: https://www.redhat.com/sysadmin/rpm-gpg-verify-packages
Are you using NetBird Cloud?
This shouldn't matter
NetBird version
Netbird 0.26.3
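An added example, not part of the original issue or NetBird's code: a shell check that reads a `.repo` file and reports which repository sections do not enforce package signature checking. The sample file and its URLs are constructed placeholders, and the check looks only at each section's own `gpgcheck` and `gpgkey` settings, ignoring anything inherited from the main DNF configuration.

```shell
#!/bin/sh
# audit_repo_file FILE: print "<section> <status>" for every repo section.
#   ok           gpgcheck enabled and a gpgkey configured
#   no-gpgcheck  gpgcheck absent or disabled in the section
#   no-gpgkey    gpgcheck enabled but no key to verify against
audit_repo_file() {
    awk '
    function report() {
        if (id == "") return
        if (!check)    status = "no-gpgcheck"
        else if (!key) status = "no-gpgkey"
        else           status = "ok"
        print id, status
    }
    /^[ \t]*[#;]/ { next }                      # skip comment lines
    /^[ \t]*\[.*\][ \t]*$/ {                    # start of a new [section]
        report()
        id = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", id)
        check = 0; key = 0
        next
    }
    /=/ {                                       # key = value line
        k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k); k = tolower(k)
        v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
        lv = tolower(v)
        if (k == "gpgcheck")
            check = (lv == "1" || lv == "true" || lv == "yes" || lv == "on")
        if (k == "gpgkey") key = (v != "")
    }
    END { report() }
    ' "$1"
}

# repos_not_enforcing FILE...: list only the sections that are not "ok".
repos_not_enforcing() {
    for f in "$@"; do
        audit_repo_file "$f" |
            awk -v f="$f" '$2 != "ok" { print f ": " $1 " (" $2 ")" }'
    done
}

# Constructed sample, not NetBird's real repo file; URLs are placeholders.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' '[example-unsigned]' 'baseurl=https://pkgs.example.invalid/yum/' \
    'gpgcheck=0' '' '[example-signed]' 'gpgcheck=1' \
    'gpgkey=https://pkgs.example.invalid/yum/repo.key' '' \
    '[example-nokey]' '# key line missing' 'gpgcheck = True' > "$sample"
repos_not_enforcing "$sample"
```

On a real system, pass the files under `/etc/yum.repos.d/` to `repos_not_enforcing` instead of the sample.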