Hi, Would it make sense to make gpg signature checking the default for the official distributed Scientific Linux packages? In other words, include the line 'gpgcheck=1' in the /etc/yum.repos.d/sl*.repo files. It seems as if this approach would help to make sure that all packages are signed and that users don't accidentally install 'unofficial' or (perhaps maliciously) altered packages. -g