[CentOS-devel] Checking signed repo metadata by default?

5 Jan 2017


      Hi there,
I stumbled upon an older post by Johnny Hughes about gpg-checking the 
repository metadata. [1]  In the mean time, we seem to have signed 
metadata not only for "updates", but also for "base", "extras" and 
"centosplus" (just the "base" signature for CentOS Linux 6 is missing).
What are the reasons for not enabling the repo gpg check in our default 
installation?  Would it be a bad idea to do that in our Vagrant images?
Best regards,
Laurențiu
[1] 
https://seven.centos.org/2015/05/signed-repository-metadata-is-now-available...

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[CentOS-devel] Checking signed repo metadata by default?