Hi John, > I am trying to figure out a way to use gpgcheck=1 in a yum repo given > the presence of unsigned packages. At the moment it seems to me that > the valuable gpgcheck feature is rendered useless as soon as one package > is unsigned, because yum will refuse to update or install anything if > one package (to be updated) is unsigned and gpgcheck=1 is set. In order > to automate updates on a large number of machines I have to do > gpgcheck=0. Does the "tolerant" flag affect this behavior? The man > page is silent on this (and many other features). It only gives an > example of the kind of behavior "tolerant" causes. > > One idea for a solution would be to have my own local gpgcheck=0 > repository of unsigned packages (since they are very few) and use > gpgcheck=1 on other repositories. I am not sure how to do this however. > I can create a local repository containing only the java sdk package, > but how do I tell yum to use this repo for java-sdk instead of sl- > errata, but use sl-errata for everything else? If you were to create the repo, named something like "[java-sdk-unsigned]", then it's a simple matter on the command line to use: # yum --enablerepo=java-sdk-unsigned blah blah Michael.