How trustworthy are Fedora Legacy resources?
Fedora Legacy is a community based project. As such, it is run by the community, and the people involved may change at any time without warning. To be sure the output of this type of system is correct, strict procedures must be followed, and all submissions must be “signed” so as to identify the creator. Groups of maintainers will produce signed updates for their packages; these updates will undergo Quality Assurance (QA) testing as well as general user testing before being released. Only once we’ve received signed testing data verifying the update can it be released. Digital signatures at each step of the process help ensure the integrity of the process. To be sure Fedora Legacy resources are trustworthy, the use of GPG keys is used when and where possible. For more information, please see the Security page about GPG validation before trusting any Fedora Legacy resources.