On Thu, 12 Jul 2007, Johnny Hughes wrote: > Before we take this any further ... was the key you imported to a > repository other than an official CentOS one. (for example, RPMForge, > ATRPMS, etc.). The install was from DVD, default packages (I planned to use yum for updates, etc). No other repos added. Straight out of the box. > > The default CentOS-Base.repo has this line in it: > > gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 > Mine shows it, too. > All packages in the official repos should be signed with that key ... if > you only have the CentOS Default repos enabled, you should not have been > able to install a package that needed updating without yum asking you if > you wanted to install that key. > > If you had to add the CentOS-5 key ... then something is not setup in > the default way. > > So, what is the verdict thus far? Scott