While for the release repository we do have RPM GPG checking enabled,
there are various attacks one can mount if one controls unsigned
repodata; http://theupdateframework.com/ talks about that.
Fedora does set up a redirect, but this ensures we use it from
the start for stronger security.
While for the release repository we do have RPM GPG checking enabled, there are various attacks one can mount if one controls unsigned repodata; http://theupdateframework.com/ talks about that.
Fedora does set up a redirect, but this ensures we use it from the start for stronger security.