On 04/21/2011 08:34 AM, Mathieu Baudier wrote:
Not updating is entirely sensible and sounds like the best default position. Installing a package you'd expect to be signed when it isn't signed should ring alarm bells.
I agree that my first answer was probably wrong, even with all disclaimers and warnings.
I thought of a technical way (--nogpgcheck) to solve the issue, whereas the right answer was definitely procedural (as you point out, not updating, what I would have done on my own systems).
I apologize, but I did my best...
Freedom includes being free to make poor decisions.
I fully agree with you.
Maybe this would work out:
yum --nogpgcheck update libuser-devel
then you can update everything else later with gpg on.
Although, like I said, this particular issue has now been corrected.