Trusting Package Integrity
About
All RPM Fusion packages are digitally signed with a secure GPG signature, which by default yum will verify before installing. These signatures ensure that the packages you install are what was produced by RPM Fusion and have not been altered (accidentally or maliciously) by any mirror or website that is providing the packages.
For more details regarding signing and verifying rpm keys see the documentation that the Fedora projects provides.
Verify
If you have newly installed the rpmfusion-*-release.rpm repo packages, and wish to verify its keys, check the fingerprints below.
Current Keys
RPM Fusion free for Fedora
Download; key in pgp.mit.edu; fingerprint:
pub 1024D/49C8885A 2008-07-12 Key fingerprint = 870F EA14 0067 8204 7151 BA87 8550 99B2 49C8 885A uid RPM Fusion repository (Fedora - free) <rpmfusion-buildsys@lists.rpmfusion.org> sub 2048g/A2F04C4B 2008-07-12
RPM Fusion nonfree for Fedora
Download; key in pgp.mit.edu; fingerprint:
pub 1024D/B1981B68 2008-07-12 Key fingerprint = 1CF2 6645 C90E 3A34 D518 6273 206F 8182 B198 1B68 uid RPM Fusion repository (Fedora - nonfree) <rpmfusion-buildsys@lists.rpmfusion.org> sub 2048g/71458DC6 2008-07-12
RPM Fusion free for EL
Download; key in pgp.mit.edu; ; fingerprint:
pub 1024D/E74F0522 2008-07-12 uid RPM Fusion repository (EL - free) <rpmfusion-buildsys@lists.rpmfusion.org> sub 2048g/02887B6A 2008-07-12
RPM Fusion nonfree for EL
Download; key in pgp.mit.edu; ; fingerprint:
pub 1024D/AB194290 2008-07-12 uid RPM Fusion repository (EL - nonfree) <rpmfusion-buildsys@lists.rpmfusion.org> sub 2048g/CDE795B5 2008-07-12