To assist our users in verifying the authenticity of our software releases, we digitally sign them. As of Fedora 3.3, this is part of the Fedora Release Process, and requires that the committer doing the final build for distribution uses their code signing key.
We have borrowed heavily from the release signing policy used by the ASF.
When generating your code signing key:
Once generated, you should:
Carefully follow the instructions here to generate your key.
Note: Popular binaries for GnuPG 2.x can be found here: