Germano Massullo wrote:
VLC package shipped by RPMFusion is missing a chain of trust with
HTTP Source URLs are very common in packages (there are probably dozens of
upstreams still not even supporting HTTPS at all, or using a self-signed or
otherwise invalid certificate), and most upstreams do not sign their
releases at all. So why are you singling out VLC in particular? This is just
how things are in the real world, not much we as downstream can do about it.