On 06/21/2016 10:04 PM, Antonio M wrote:
a silly question, how do you understand that a package is signed in
any
repo?? apart from the warning of dnf, of course....
That would be the primary way. Otherwise, if you have rpmdevtools
installed, you can download the rpm and run rpmdev-checksig on it.
That's what I used to check some rpms from rpmfusion to determine that
they aren't signed.