Potential Accidental Install of Unsigned Package


Yiyi50

Oct 27, 2020, 12:04:37 AM
to qubes-users
I'm running Qubes 4.0 on a Purism Librem 13 v4. I've installed updates for my templates without necessarily reading everything in the terminal before clicking "y". How concerned should I be about having inadvertently installed an unsigned package? Is there a command I can run to check the signatures on all my installed packages? I should mention that I'm relatively new to Linux and Qubes. How common is the installation of unsigned packages in Fedora or Debian? Does the Qubes team audit/review all template updates?

awokd

Oct 27, 2020, 7:15:11 PM
to qubes...@googlegroups.com
'Yiyi50' via qubes-users:
> I'm running Qubes 4.0 on a Purism Librem 13 v4. I've installed updates for my templates without necessarily reading everything in the terminal before clicking "y". How concerned should I be about having inadvertently installed an unsigned package? Is there a command I can run to check the signatures on all my installed packages? I should mention that I'm relatively new to Linux and Qubes. How common is the installation of unsigned packages in Fedora or Debian? Does the Qubes team audit/review all template updates?
>
If you haven't gone out of your way to add repos to your templates, you
would be using the default repos, which require signed packages. Your
chances are basically nil. No-one from Qubes audits updates that are not
from Qubes (with the possible exception here or there for security
critical ones like Xen); that is up to the maintainers of packages in
each distribution (Fedora/Debian).

--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots
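
For the question about checking signatures on installed packages, one way to audit a Fedora-based (RPM) template; this is an added example, not something posted by either participant in the thread. The function names and all sample data are constructed for illustration, and the real-system invocations are shown in the comments.

```shell
#!/bin/sh
# Added example: two checks for an RPM-based template. Sample data is constructed.

# Print "file:[section]" for each repo section that explicitly disables
# package signature checking (0/no/false/off are treated as "disabled").
# Real use: repos_without_gpgcheck /etc/yum.repos.d/*.repo /etc/dnf/dnf.conf
repos_without_gpgcheck() {
    awk '
        /^[ \t]*\[/ { section = $1 }
        tolower($0) ~ /^[ \t]*gpgcheck[ \t]*=[ \t]*(0|no|false|off)[ \t]*$/ {
            print FILENAME ":" section
        }
    ' "$@"
}

# Read the output of
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE} %{SIGPGP:pgpsig} %{SIGGPG:pgpsig}\n'
# on stdin and print packages that carry no signature header at all.
# gpg-pubkey-* entries are imported keys, not real packages, so skip them.
unsigned_packages() {
    awk 'NF == 3 && $2 == "(none)" && $3 == "(none)" && $1 !~ /^gpg-pubkey-/ { print $1 }'
}

# Run both checks against constructed input so the example works offline.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/fedora.repo" <<'EOF'
[fedora]
enabled=1
gpgcheck=1
EOF
    cat > "$tmp/thirdparty.repo" <<'EOF'
[example-thirdparty]
enabled=1
gpgcheck = 0
EOF
    repos_without_gpgcheck "$tmp"/*.repo | sed "s|^$tmp/||"
    unsigned_packages <<'EOF'
bash-5.0.17-1.fc32 RSA/SHA256, Tue 12 May 2020 10:00:00 AM UTC, Key ID 0123456789abcdef (none)
gpg-pubkey-01234567-89abcdef (none) (none)
example-tool-1.0-1 (none) (none)
EOF
    rm -rf "$tmp"
}
demo
```

A repo section with no `gpgcheck` line inherits the value from `[main]` in the dnf configuration, so check that file as well.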