Mathieu Baudier wrote: >> Package libuser-0.54.7-2.1.el5_5.2.x86_64.rpm is not signed >> > > You could use --nogpgcheck but this is really weird that some packages > are not signed. > > It may mean that the package is not from the trusted source, so you > should not use --nogpgcheck on a "serious" environment. > Yes, that's what I thought too about not disabling gpg. yum info on the package reports that the update is coming from the 'updates' repo, and that repo is configured to be: [updates] name=CentOS-$releasever - Updates mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 This is all the default settings from a fresh install; I'm not aware that anything changed in these configs. If this package is not signed, then I guess other people should be able to reproduce the problem if they point to the default repos, right? Or maybe it is something on my system's config that is different? Thanks again! Andre > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > -- Andre Charbonneau Research Computing Support, IMSB National Research Council Canada 100 Sussex Drive, Rm 2158 Ottawa, ON, Canada K1A 0R6 613-993-3129