Not updating is entirely sensible and sounds like the best default position. Installing a package you'd expect to be signed when it isn't signed should ring alarm bells.
I agree that my first answer was probably wrong, even with all disclaimers and warnings.
I thought of a technical way (--nogpgcheck) to solve the issue, whereas the right answer was definitely procedural (as you point out, not updating, which is what I would have done on my own systems).
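As an added example (not part of this thread), the procedural point above can be backed by a routine check: rather than reaching for --nogpgcheck, audit the repo definitions for any that have signature verification switched off. The script assumes the yum/dnf `.repo` file format with a per-repository `gpgcheck` key; the sample repo files it creates are constructed for a stand-alone run, and on a real host the directory argument would be /etc/yum.repos.d.

```shell
#!/bin/sh
# Added example, not from the thread: list yum/dnf repositories whose
# definition sets gpgcheck=0, i.e. packages from them are installed unsigned.
# The directory is a parameter so the script can run against constructed
# sample files; pass /etc/yum.repos.d to audit a real host.

# Print the section name of every repo in "$1"/*.repo that sets gpgcheck=0.
unsigned_repos() {
    dir="$1"
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        awk '
            # Remember the current [section] header, without the brackets.
            /^\[/ { section = $0; gsub(/\[|\]/, "", section) }
            # A gpgcheck=0 line applies to the section it sits in.
            /^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0[[:space:]]*$/ { print section }
        ' "$f"
    done
}

# Constructed sample: one repo with checking on, one with it off.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/vendor.repo" <<'EOF'
[vendor-stable]
name=Vendor stable (constructed sample)
baseurl=https://example.invalid/stable
gpgcheck=1
gpgkey=https://example.invalid/RPM-GPG-KEY-vendor

[vendor-testing]
name=Vendor testing (constructed sample)
baseurl=https://example.invalid/testing
gpgcheck=0
EOF
    echo "$dir"
}

sample=$(make_sample)
unsigned_repos "$sample"   # prints: vendor-testing
```

This only inspects configuration, so it catches a repo that was permanently configured to skip verification; a one-off --nogpgcheck on the command line leaves no trace here, which is why the check belongs alongside, not instead of, the habit of refusing to install a package that should have been signed and was not.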
I apologize, but I did my best...
Freedom includes being free to make poor decisions.
I fully agree with you.