On 01/26/2017 04:30 PM, Lamar Owen wrote:
On 01/26/2017 12:14 PM, Johnny Hughes wrote:
The testing RPMs are not signed .. they are straight from CBS. Does the
testing repo not have 'gpgcheck=0'?
Ok, thanks. Given the level of system interaction that qemu/kvm has,
it would be an ideal vector for malware, and package signing prevents
this. My copy of the repo file has the following:
+++++++++++
[centos-qemu-ev-test]
name=CentOS-$releasever - QEMU EV Testing
baseurl=http://buildlogs.centos.org/centos/$releasever/virt/$basearch/kvm-common/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization
The update pulled in a new .repo file as part of the release package,
and this stanza now shows gpgcheck=0
_______________________________________________
CentOS-virt mailing list
CentOS-virt@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos-virt
