Hi there, I stumbled upon an older post by Johnny Hughes about gpg-checking the repository metadata. [1] In the mean time, we seem to have signed metadata not only for "updates", but also for "base", "extras" and "centosplus" (just the "base" signature for CentOS Linux 6 is missing). What are the reasons for not enabling the repo gpg check in our default installation? Would it be a bad idea to do that in our Vagrant images? Best regards, Laurențiu [1] https://seven.centos.org/2015/05/signed-repository-metadata-is-now-available-for-centos-6-and-7-for-the-updates-repo/