[CentOS] rpm libuser-devel is not signed

Thu Apr 21 18:42:11 UTC 2011
Lamar Owen <lowen at pari.edu>

On Thursday, April 21, 2011 07:56:27 AM John Hodrien wrote:
> If people think that disabling gpg checking is a good idea, you risk this
> finding its way into their yum.conf.  That's exactly what you've seen amongst
> some spacewalk users.

FWIW, there are some out there who don't even think unsigned packages are a problem.  As an extreme example of this, recently I saw on LinuxToday where there was a thread in an archlinux list about signed packages; most of the devs didn't consider them a priority.  At all.

One reason arch won't be in production here any time soon.

Unless you know exactly what you are doing and the full ramifications of doing it you should never disable gpgcheck, since mirrors can be hacked.