The specter of more events like the SolarWinds
supply-chain attacks is something that concerns many in our
communities—and beyond. Linux distributions provide a supply chain that
obviously needs to be protected against attackers injecting malicious code
into the update stream. This problem recently came up on the Fedora devel
mailing list, which led to a discussion covering a few different topics.
For the most part, Fedora users are protected against such attacks, which
is not to say there is nothing more to be done, of course.

Source: LWN.net – [$] Fedora and supply-chain attacks