On Fri, Sep 4, 2020 at 1:10 PM Brian Stinson brian@bstinson.com wrote:
> While we want signed repodata to be *available* to folks who want to enable it, we don’t want it necessarily to be the default for all users. We want it to be a decision that folks make for their own sites.
This is a very bizarre stance to take. Enabling repo_gpgcheck for the CentOS provided repos in their repo files should not harm anything else, and only further ensures the integrity of the repository content.
Is there a compelling reason to *not* change the defaults? Because from my perspective, I don't see any.
-- 真実はいつも一つ!/ Always, there's only one truth!