Bug 8417 - Incorrect use of public key for RPM verification
Summary: Incorrect use of public key for RPM verification
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Build system
Version: trunk
Hardware: PC Unknown
Importance: P2 Normal
Target Milestone: ---
Assignee: Bugzilla mail exporter
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-08-27 21:34 CEST by Aaron Sowry
Modified: 2024-08-27 23:27 CEST
CC List: 0 users

See Also:
Acceptance Criteria:


Attachments

Description Aaron Sowry cendio 2024-08-27 21:34:07 CEST
Our current implementation does not serve the function of verifying that the package comes from us. The main issue is that we ship our public key in-band with the package to be verified, and don't explicitly provide any way of trusting that key.

This actually ends up being worse than doing nothing at all, since we now allow for third-party distribution of the server software (bug #8155). This makes it trivial for a malicious actor to distribute a package which can be falsely "verified" as genuine, at least according to the way in which we currently intend our public key to be used.

While other approaches may be imperfect, they at least give users a way to determine for themselves how much they trust the key. They also don't provide attackers with an opportunity to exploit an incorrect implementation of PKI (and we avoid the poor optics of promoting one). Such approaches are familiar and commonly used.

We should stop shipping our public key in the server bundle, as doing so provides no benefit to users and introduces a potential vulnerability. We can then consider other means of distributing our public key for those users who want to verify the RPM signature.

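The procedure the report is arguing for, as an added example rather than anything from the ThinLinc build system: a key's fingerprint is compared against a value pinned from an out-of-band channel before the key is imported, and only then is the RPM signature checked. The pinned fingerprint, the bundle path in the contrasting "in-band" function, and the availability of gpg and rpmkeys are assumptions; the fingerprint is a placeholder, not a real key.

```shell
#!/bin/sh
# Added example, not ThinLinc's own code. Verify an RPM against a key whose
# fingerprint was obtained OUT OF BAND, instead of trusting a key that arrived
# inside the same bundle as the package it is supposed to vouch for.
#
# Assumptions (all placeholders):
#   - PINNED_FPR is the vendor's key fingerprint as learned through a channel
#     independent of the download (vendor web page over TLS, printed docs, a
#     keyserver lookup cross-checked against a second source, ...).
#   - gpg (>= 2.1.23 for --show-keys) and rpmkeys are installed.
set -eu

PINNED_FPR="ABCDEF0123456789ABCDEF0123456789ABCDEF01"   # placeholder, not a real key

# key_fingerprint FILE: print the primary-key fingerprint of an OpenPGP public
# key file without importing it into any keyring. In gpg's colon format the
# "fpr" record carries the fingerprint in field 10.
key_fingerprint() {
    gpg --batch --with-colons --show-keys "$1" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# fingerprint_matches ACTUAL EXPECTED: succeed only on an exact,
# case-insensitive, 40-hex-digit match. A prefix or "key ID" comparison is
# not enough: 8- and 16-character key IDs can be collided at will.
fingerprint_matches() {
    actual=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    case "$actual" in
        ""|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#actual}" -eq 40 ] && [ "$actual" = "$expected" ]
}

# verify_rpm KEYFILE PACKAGE: import KEYFILE only after its fingerprint matches
# the pin, then check PACKAGE's signature against the keys in the rpmdb.
verify_rpm() {
    keyfile=$1
    pkg=$2
    fpr=$(key_fingerprint "$keyfile")
    if ! fingerprint_matches "$fpr" "$PINNED_FPR"; then
        echo "refusing to import $keyfile: fingerprint '$fpr' != pinned $PINNED_FPR" >&2
        return 1
    fi
    # rpmkeys --import writes the key into the rpmdb permanently; from then on
    # every package signed with it verifies, which is why the pin check above
    # has to come first.
    rpmkeys --import "$keyfile"
    # Exit status is non-zero for a bad signature, an unsigned package, or a
    # signature from a key that is not in the rpmdb. Rely on the status, not
    # on grepping "signatures OK" / "SIGNATURES NOT OK" from the output.
    rpmkeys --checksig "$pkg"
}

# For contrast, the pattern the bug report objects to: the key is taken from
# the bundle being verified, so whoever built the bundle chose the key. There
# is nothing to compare it against, the check passes for any bundle, and the
# attacker's key is trusted for every future package as well.
# ("$1/pubkey.asc" is a hypothetical in-bundle path.)
verify_rpm_in_band() {
    rpmkeys --import "$1/pubkey.asc"
    rpmkeys --checksig "$2"
}

# Usage: ./verify.sh VENDOR-KEY.asc package.rpm
if [ "$#" -eq 2 ]; then
    verify_rpm "$1" "$2"
fi
```

Running `verify_rpm` with a key whose fingerprint differs from the pin refuses before anything touches the rpmdb, which is the property the in-band variant cannot provide: in `verify_rpm_in_band` the import succeeds for whatever key the bundle carries, so `rpmkeys --checksig` reports OK for an attacker-built package as readily as for a genuine one.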