[CentOS] rpm libuser-devel is not signed

Thu Apr 21 13:44:38 UTC 2011
Johnny Hughes <johnny at centos.org>

On 04/21/2011 08:34 AM, Mathieu Baudier wrote:
>> Not updating is entirely sensible and sounds like the best default position.
>> Installing a package you'd expect to be signed when it isn't signed should
>> ring alarm bells.
> 
> I agree that my first answer was probably wrong, even with all
> disclaimers and warnings.
> 
> I thought of a technical way (--nogpgcheck) to solve the issue,
> whereas the right answer was definitely procedural (as you point out,
> not updating, what I would have done on my own systems).
> 
> I apologize, but I did my best...
> 
>> Freedom includes being free to make poor decisions.
> 
> I fully agree with you.

Maybe this would work out:

yum --nogpgcheck update libuser-devel

then you can update everything else later with gpg on.

Although, like I said, this particular issue has now been corrected.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 253 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20110421/da822936/attachment-0005.sig>