[CentOS] rpm libuser-devel is not signed
John Hodrien
J.H.Hodrien at leeds.ac.uk
Thu Apr 21 10:59:11 UTC 2011
On Thu, 21 Apr 2011, Karanbir Singh wrote:
> On 04/21/2011 09:26 AM, Johnny Hughes wrote:
>>> Other workarounds for this particular issue have just been suggested here:
>>> http://lists.centos.org/pipermail/centos/2011-April/110547.html
>>> http://lists.centos.org/pipermail/centos/2011-April/110551.html
>
> I find it strange that people are making such recommendations. A non
> verifyable signature is a MASSIVE deal. Working 'around' that is to stop
> doing what you are doing, and not do any package centric operation till
> the issue is fixed and resolved in an acceptable manner.
It's all too often the advice you'll see. On Spacewalk, the standard response
to dealing with unsigned (or signed with an unimported key) is to disable all
gpg checks. It's cringeworthy, and wrong on so many levels.
jh
More information about the CentOS
mailing list