Hi,
at least nightly fedora repo is not signed (i didn't look at the other
ones but I suspect that all other repos are also unsigned). We should
establish package signing infrastructure and we should also publish
signing key fingerprint on SSL/TLS-secured page to prevent any MITM
attack aimed on ovirt repo users.
David
--
David Jaša, RHCE
SPICE QE based in Brno
GPG Key: 22C33E24
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24