Feedback for “FAQ”

[andrewclausen]

Is there a recommended way to obtain the Terra repo signing public key securely?

For example, is there a "terra" package that can be installed from RPMfusion, or a package like distribution-gpg-keys (on Fedora) that creates a secure chain of signatures?

The download page recommends some command with --nogpgcheck, which is fairly weak. (I assume it relies on trusting both the SSL CA ecosystem and your web servers.)

[madonuko]

In any case you are still getting gpg keys from the internet. The command on the download page installs the terra-release package from our official main repository (repos.fyralabs.com). Only this bypasses the gpg checks. Once installed, all other packages come with GPG checks.

If you are looking for the public key directly: https://repos.fyralabs.com/terra42/key.asc