[CentOS] rpm libuser-devel is not signed

John Hodrien

J.H.Hodrien at leeds.ac.uk
Thu Apr 21 11:33:24 UTC 2011

On Thu, 21 Apr 2011, Mathieu Baudier wrote:

> Sorry, but not everybody is on production machines.
> Since the OP could not analyze himself the error message, one could
> safely assume he is not dealing with critical production environments.
> Maybe he was just told: "install quickly this CentOS in VirtualBox,
> just to make sure our app is compatible", and in that case the sooner
> the better.
> My "advice" and those of others where underlying the security risk.
> The one of Akemi seems pretty safe (not installing the update).
> To put it shortly: Freedom, as in "free software", is about doing
> whatever you want.

Not updating is entirely sensible and sounds like the best default position.
Installing a package you'd expect to be signed when it isn't signed should
ring alarm bells.

Freedom includes being free to make poor decisions.


More information about the CentOS mailing list