Stop changing RPM repository signing key all the time
Almost everytime I run "dnf update" on my system, the ProtonVPN repository signing keys have changed.
I have to validate them again and again, without knowing if the key I'm allowing is really the good one (I even don't know where to look for the actual one).
I think I'm not the only one trusting the new signing key blindly every because I'm annoyed, which is terrible from a security standpoint.
Please keep your signing keys longer, as every sane repository does.
3
votes
Potato
shared this idea
-
Jethalal Gada commented
yeah i am fed up with the keys changing all the time, also as mentioned its just really bad from a security point of view as bcz of this people would get used to accepting keys without checking them.