Mathieu Baudier wrote:
>> Package libuser-0.54.7-2.1.el5_5.2.x86_64.rpm is not signed
>>
>
> You could use --nogpgcheck but this is really weird that some packages
> are not signed.
>
> It may mean that the package is not from the trusted source, so you
> should not use --nogpgcheck on a "serious" environment.
>
Yes, that's what I thought too about not disabling gpg.
yum info on the package reports that the update is coming from the
'updates' repo, and that repo is configured to be:
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
This is all the default settings from a fresh install; I'm not aware
that anything changed in these configs.
If this package is not signed, then I guess other people should be able
to reproduce the problem if they point to the default repos, right? Or
maybe it is something on my system's config that is different?
Thanks again!
Andre
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
--
Andre Charbonneau
Research Computing Support, IMSB
National Research Council Canada
100 Sussex Drive, Rm 2158
Ottawa, ON, Canada K1A 0R6
613-993-3129
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
