Information
Most packages managers implement GPG key signing to verify package integrity during
installation.
Rationale:
It is important to ensure that updates are obtained from a valid source to protect against
spoofing that could lead to the inadvertent installation of malware on the system.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Update your package manager GPG keys in accordance with site policy.