[$] Fedora and supply-chain attacks

The specter of more events like the SolarWindssupply-chain attacks is something that concerns many in ourcommunities-and beyond. Linux distributions provide a supply chain thatobviously needs to be protected against attackers injecting malicious codeinto the update stream. This problem recently came up on the Fedora develmailing list, which led to a discussion covering a few different topics.For the most part, Fedora users are protected against such attacks, whichis not to say there is nothing more to be done, of course.