On Thu, 21 Apr 2011, Karanbir Singh wrote: > yes, a package was released, unsigned, and has been fixed. ( and 4 more > tests added to the release process to make sure that this does not > happen again; or atleast reduce the chance of this going out ). And if people stick with the sane practice of only trusting signed packages, this is quickly caught and the only cost is a short delay while updated packages are pushed out. If people think that disabling gpg checking is a good idea, you risk this finding its way into their yum.conf. That's exactly what you've seen amongst some spacewalk users. jh