> Not updating is entirely sensible and sounds like the best default position. > Installing a package you'd expect to be signed when it isn't signed should > ring alarm bells. I agree that my first answer was probably wrong, even with all disclaimers and warnings. I thought of a technical way (--nogpgcheck) to solve the issue, whereas the right answer was definitely procedural (as you point out, not updating, what I would have done on my own systems). I apologize, but I did my best... > Freedom includes being free to make poor decisions. I fully agree with you.