On 04/21/2011 08:34 AM, Mathieu Baudier wrote: >> Not updating is entirely sensible and sounds like the best default position. >> Installing a package you'd expect to be signed when it isn't signed should >> ring alarm bells. > > I agree that my first answer was probably wrong, even with all > disclaimers and warnings. > > I thought of a technical way (--nogpgcheck) to solve the issue, > whereas the right answer was definitely procedural (as you point out, > not updating, what I would have done on my own systems). > > I apologize, but I did my best... > >> Freedom includes being free to make poor decisions. > > I fully agree with you. Maybe this would work out: yum --nogpgcheck update libuser-devel then you can update everything else later with gpg on. Although, like I said, this particular issue has now been corrected. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 253 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20110421/da822936/attachment-0005.sig>