Description of problem: Both fedora.repo and fedora-updates.repo for Fedora 25 include "gpgcheck=1" in the repo definition file. But most of the packages doesn't seem to be signed. $ sudo dnf install vim ... Error: Package vim-enhanced-7.4.1989-2.fc25.x86_64.rpm is not signed That means that in order to install anything, you need to pass --nogpgcheck to dnf command line. It also means gnome-software can't be used at all (I haven't checked KDE's graphical package manager). The packages should be either signed, or fedora-repos should claim gpgcheck=0 for the repositories. Once the repos get signed, fedora-repos can be updated. I don't remember having to use --nogpgcheck for Alphas in the past, so I assume this is not the state we want to release F25 Alpha in. It might also violate: "The installed system must be able to download and install updates with the default console package manager. " https://fedoraproject.org/wiki/Fedora_25_Alpha_Release_Criteria#Updates provided we don't want all people to be aware and get used to using --nogpgcheck. Version-Release number of selected component (if applicable): fedora-repos-25-0.5.noarch How reproducible: always Steps to Reproduce: 1. dnf install vim (or probably almost anything else)
Please note that this might also cause bug 1367780 and probably some others. This makes pre-release testing unnecessarily difficult. I'd like to see fedora-repos to reflect the true state of our repositories, not a state we wish they would be in.
the repos are all signed, there was issues with the compose that was causing the new signed packages to no go to mirrors. That was fixed yesterday so once the mirrors catch up the problem should go away
Note that we actually haven't had a sucessfull compose since the signatures should all be there... but hopefully very soon. :)