Mathieu Baudier wrote:
Package libuser-0.54.7-2.1.el5_5.2.x86_64.rpm is not signed
You could use --nogpgcheck but this is really weird that some packages are not signed.
It may mean that the package is not from the trusted source, so you should not use --nogpgcheck on a "serious" environment.
Yes, that's what I thought too about not disabling gpg. yum info on the package reports that the update is coming from the 'updates' repo, and that repo is configured to be:
[updates] name=CentOS-$releasever - Updates mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&rep... #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
This is all the default settings from a fresh install; I'm not aware that anything changed in these configs.
If this package is not signed, then I guess other people should be able to reproduce the problem if they point to the default repos, right? Or maybe it is something on my system's config that is different?
Thanks again! Andre
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos