On 12/01/17 16:16, Johnny Hughes wrote: > On 01/06/2017 03:49 AM, Laurentiu Pancescu wrote: >> Would it be ok in this form? The only disadvantage I see is being asked >> to trust the official CentOS key several times during the first "yum >> update" (instead of just once). > > Right, the only real issue is more trust requests for the same key. Then, which is the earliest time we could enable this? 7.4? I tried to avoid the "importing key" prompt by importing the key in advance, according to the documentation I found: # rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 # rpm -qa gpg-pubkey* gpg-pubkey-f4a80eb5-53a7ff4b # rpm -qi gpg-pubkey-f4a80eb5-53a7ff4b Name : gpg-pubkey Version : f4a80eb5 Release : 53a7ff4b Architecture: (none) Install Date: Thu 12 Jan 2017 04:16:24 PM UTC Group : Public Keys Size : 0 License : pubkey Signature : (none) Source RPM : (none) Build Date : Mon 23 Jun 2014 10:19:55 AM UTC Build Host : localhost Relocations : (not relocatable) Packager : CentOS-7 Key (CentOS 7 Official Signing Key) <security at centos.org> Summary : gpg(CentOS-7 Key (CentOS 7 Official Signing Key) <security at centos.org>) Description : [skipped due to verbosity] But I'm still asked during the first "yum update", several times for the same key - the fingerprint displayed during each prompt matches the key I had already imported. Could anyone shed some light on what's going on? Perhaps because we have a gpgkey setting in the .repo file? Thanks, Laurențiu