This occurred to me while I was upgrading using the CLI instructions [1] and got prompted with:
[SKIPPED] sudo-1.8.18p1-1.fc25.i686.rpm: Already downloaded [SKIPPED] the_silver_searcher-0.33.0-1.fc25.i686.rpm: Already downloaded [SKIPPED] tzdata-2016i-1.fc25.noarch.rpm: Already downloaded [SKIPPED] tzdata-java-2016i-1.fc25.noarch.rpm: Already downloaded warning: /var/lib/dnf/system-upgrade/dmidecode-3.0-5.fc25.i686.rpm: Header V3 RSA/SHA256 Signature, key ID fdb19c98: NOKEY Importing GPG key 0xFDB19C98: Userid : "Fedora 25 Primary (25) fedora-25-primary@fedoraproject.org" Fingerprint: C437 DCCD 558A 66A3 7D6F 4372 4089 D8F2 FDB1 9C98 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-25-i386 Is this ok [y/N]: y Key imported successfully Running transaction check Transaction check succeeded. Running transaction test
Since the installation instructions urge users to validate the download [2] would it make sense to add something similar [3] to the DNF wiki as the very first step?