Hey everyone! I just did a fresh install of Fedora and I'm planning to install some packages using DNF while connected to public WiFi. I got prompted to import some keys, but I'm not sure if those are from my OS or from the packages I downloaded. Does Fedora come with its own keys? Are they updated when I install new packages or update existing ones? I'm a bit concerned that I might be tricked into installing malicious packages, so any insights would be appreciated!
3 Answers
By the way, if you're looking for more resources, there's a useful page in our wiki that might be helpful. Just make sure to back up your data regularly and experiment in a VM before trying new commands!
The keys you're prompted to import come from the repository server that provides updates, which helps verify the packages' authenticity. They periodically renew keys, which is why you see that prompt. You can always double-check the key information at the Fedora security page. The encryption used for the keys keeps your connection safe regardless of whether it's a public WiFi!
You're in the clear! Fedora's package manager is designed to handle potential man-in-the-middle attacks. Most mirrors use HTTPS, so you’re less likely to encounter tampered packages. Importing keys is a normal part of the process to confirm the packages are legitimate, so no worries there!
Related Questions
How To Get Your Domain Unblocked From Facebook
How To Find A String In a Directory of Files Using Linux