On Thu, 21 Apr 2011, Karanbir Singh wrote:
On 04/21/2011 09:26 AM, Johnny Hughes wrote:
Other workarounds for this particular issue have just been suggested here: http://lists.centos.org/pipermail/centos/2011-April/110547.html http://lists.centos.org/pipermail/centos/2011-April/110551.html
I find it strange that people are making such recommendations. A non verifyable signature is a MASSIVE deal. Working 'around' that is to stop doing what you are doing, and not do any package centric operation till the issue is fixed and resolved in an acceptable manner.
It's all too often the advice you'll see. On Spacewalk, the standard response to dealing with unsigned (or signed with an unimported key) is to disable all gpg checks. It's cringeworthy, and wrong on so many levels.
jh