diff --git a/Trusted_parts.md b/Trusted_parts.md
index 563e9d18..5a038322 100644
--- a/Trusted_parts.md
+++ b/Trusted_parts.md
@@ -25,7 +25,7 @@ Trusted non-Qubes-specific components
 -   network PV frontends (exposed to potentially compromised netvm) and backends
 -   block backend implemented in dom0 kernel
 -   integrity of Fedora packages (meaning, they are not trojaned)
--   rpm and yum in dom0 must correctly verify signatures of the packages
+-   rpm and yum (both in dom0 and in VMs) must correctly verify signatures of the packages
 
 At the current project stage, we cannot afford to spend time to improve them - all we can do is to limit the number and extent of these components.