On 13.Jun.2013, at 13:14, James Hogarth wrote: >> I am wondering why this import is not happening automatically at install >> time. There must be good reasons for that? >> >> > Anaconda doesn't actually carry out gpg checks... I think it had that added > during the fedora 18/19 rewrite so EL7 might cover that but certain EL5 and > EL6 won't have that … It makes sense then. Since anaconda does not check the signature of the centos-release rpm it can not ensure that the contained public key is not faked and leaves this exercise to the user. I think I am getting a little confused about these trust things. How am *I* supposed to verify the validity of those public keys. -- Markus