Hello, 'yum update' runs into the following error message. Package libuser-devel-0.54.7-2.1.el5_5.2.i386.rpm is not signed regards Olaf
On 21/04/11 5:26 AM, Olaf Mueller wrote:> Hello, > > 'yum update' runs into the following error message. > > Package libuser-devel-0.54.7-2.1.el5_5.2.i386.rpm is not signedI got this too, there's two ways around it: 1) Wait until the package is signed and then update. 2) Run: yum update --nogpgcheck Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20110421/1980d600/attachment-0005.sig>
>> 'yum update' runs into the following error message. >> >> Package libuser-devel-0.54.7-2.1.el5_5.2.i386.rpm is not signed > > I got this too, there's two ways around it: > > 1) Wait until the package is signed and then update. > > 2) Run: yum update --nogpgcheckOther workarounds for this particular issue have just been suggested here: http://lists.centos.org/pipermail/centos/2011-April/110547.html http://lists.centos.org/pipermail/centos/2011-April/110551.html
On 04/21/2011 12:49 AM, Ben McGinnes wrote:> 2) Run: yum update --nogpgcheckplease dont do that :( - KB
On Thursday, April 21, 2011 07:56:27 AM John Hodrien wrote:> If people think that disabling gpg checking is a good idea, you risk this > finding its way into their yum.conf. That's exactly what you've seen amongst > some spacewalk users.FWIW, there are some out there who don't even think unsigned packages are a problem. As an extreme example of this, recently I saw on LinuxToday where there was a thread in an archlinux list about signed packages; most of the devs didn't consider them a priority. At all. One reason arch won't be in production here any time soon. Unless you know exactly what you are doing and the full ramifications of doing it you should never disable gpgcheck, since mirrors can be hacked.