[CentOS-virt] qemu-kvm-ev-2.6.0-28.el7_3.3.1 tagged for testing

Thu Jan 26 21:32:22 UTC 2017
Lamar Owen <lowen at pari.edu>

On 01/26/2017 04:30 PM, Lamar Owen wrote:
> On 01/26/2017 12:14 PM, Johnny Hughes wrote:
>> The testing RPMs are not signed .. they are straight from CBS.  Does the
>> testing repo not have 'gpgcheck=0'?
> Ok, thanks.  Given the level of system interaction that qemu/kvm has, 
> it would be an ideal vector for malware, and package signing prevents 
> this.    My copy of the repo file has the following:
> +++++++++++
> [centos-qemu-ev-test]
> name=CentOS-$releasever - QEMU EV Testing
> baseurl=http://buildlogs.centos.org/centos/$releasever/virt/$basearch/kvm-common/ 
>
> gpgcheck=1
> enabled=0
> gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization
>
The update pulled in a new .repo file as part of the release package, 
and this stanza now shows gpgcheck=0