On Fri, Sep 4, 2020 at 1:10 PM Brian Stinson <brian at bstinson.com> wrote: > > While we want signed repodata to be *available* to folks who want to enable it, We don’t want it necessarily to be the default for all users. We want it to be a decision that folks make for their own sites. > This is a very bizarre stance to take. Enabling repo_gpgcheck for the CentOS provided repos in their repo files should not harm anything else, and only further ensures the integrity of the repository content. Is there a compelling reason to *not* change the defaults? Because from my perspective, I don't see any. -- 真実はいつも一つ!/ Always, there's only one truth!