[CentOS] rpm libuser-devel is not signed

Mathieu Baudier mbaudier at argeo.org
Thu Apr 21 11:26:51 UTC 2011


>>> Other workarounds for this particular issue have just been suggested here:
>>> http://lists.centos.org/pipermail/centos/2011-April/110547.html
>>> http://lists.centos.org/pipermail/centos/2011-April/110551.html
>
> I find it strange that people are making such recommendations. A non
> verifyable signature is a MASSIVE deal. Working 'around' that is to stop
> doing what you are doing, and not do any package centric operation till
> the issue is fixed and resolved in an acceptable manner.

Sorry, but not everybody is on production machines.

Since the OP could not analyze himself the error message, one could
safely assume he is not dealing with critical production environments.
Maybe he was just told: "install quickly this CentOS in VirtualBox,
just to make sure our app is compatible", and in that case the sooner
the better.

My "advice" and those of others where underlying the security risk.
The one of Akemi seems pretty safe (not installing the update).

To put it shortly: Freedom, as in "free software", is about doing
whatever you want.

This being say, I do agree that having a non signed package is a MASSIVE deal.
Do we have more details about what's going on here?



More information about the CentOS mailing list