Hi,
I wonder if it would be not beneficial enabling repo_gpgcheck for all centos repos? A short cross check shows that also SIG repos have repomd.xml signed. mirror.centos.org has no TLS enabled and repo_gpgcheck would add an additional security layer per default? This could be started for EL8? Or are there any barries?
-- Thanks Leon