Yum/dnf repository basic question

Version info of my Fedora Installation:

[ sysadmin@localhost ~]$ cat /etc/fedora-release
Fedora release 30 (Thirty)

[sysadmin@localhost ~]$
[sysadmin@localhost ~]$ uname -a
Linux localhost.localdomain 5.0.17-300.fc30.x86_64 #1 SMP Mon May 20 15:36:26 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

When I ran “dnf repolist”, i got the below message related to importing GPG key for my atom editor application.
I am bit curious on why I got this message when all I did is listing the repositories. What does it mean?

[sysadmin@localhost ~]$ dnf repolist
Adobe Systems Incorporated                                                                1.4 kB/s | 1.9 kB     00:01
Atom Editor                                                                               245  B/s | 833  B     00:03
Atom Editor                                                                               4.4 kB/s | 3.8 kB     00:00
Importing GPG key 0xDE9E3B09:
 Userid     : "https://packagecloud.io/AtomEditor/atom (https://packagecloud.io/docs#gpg_signing) <support@packagecloud.io>"
 Fingerprint: 0A0F AB86 0D48 5603 32EF B581 B754 42BB DE9E 3B09
 From       : https://packagecloud.io/AtomEditor/atom/gpgkey
Is this ok [y/N]:

Importing of repository GPG Keys is triggered on any request to access the repository. When you run ‘repolist’, DNF will try to download metadata from the repository. If the repository has their things signed by way of GPG, DNF will try to import the Key.

You can disable the use of GPG key validation by setting gpgcheck=0 within the specific repository, but I would try and avoid this.

1 Like