Trusting Package Integrity
About
All Livna/RPMFusion packages are digitally signed with a secure GPG signature, which by default yum will verify before installing. These signatures ensure that the packages you install are what was produced by RPMFusion and have not been altered (accidentally or maliciously) by any mirror or website that is providing the packages.
Verify
If you have already trusted the Livna keys (provided by livna-release), and have been transitioned to RPMFusion (rpmfusion-*-release) via a yum update, then you can also trust the RPMFusion keys by association.
If you have newly installed the rpmfusion-*-release.rpm repo packages, and wish to verify its keys, check the fingerprints below.
Current Keys
RPMFusion free
pub 1024D/49C8885A 2008-07-12 Key fingerprint = 870F EA14 0067 8204 7151 BA87 8550 99B2 49C8 885A uid RPM Fusion repository (Fedora - free) <rpmfusion-buildsys@lists.rpmfusion.org> sub 2048g/A2F04C4B 2008-07-12
RPMFusion nonfree
pub 1024D/B1981B68 2008-07-12 Key fingerprint = 1CF2 6645 C90E 3A34 D518 6273 206F 8182 B198 1B68 uid RPM Fusion repository (Fedora - nonfree) <rpmfusion-buildsys@lists.rpmfusion.org> sub 2048g/71458DC6 2008-07-12
Old Keys
Livna
pub 1024D/A109B1EC 2003-09-21 Key fingerprint = 037B 5D9B E1B6 B673 2A23 13B5 7129 5441 A109 B1EC uid Livna.org rpms <rpm-key@livna.org> sub 1024g/0351F130 2003-09-21
More Info
1. https://www.redhat.com/archives/fedora-list/2008-November/msg00215.html
2. https://www.redhat.com/archives/fedora-list/2008-November/msg00205.html