Bug 365021

Summary: [RFE] Disable GPG check on package files installed via localinstall
Product: [Fedora] Fedora Reporter: Ignacio Vazquez-Abrams <ivazqueznet>
Component: yumAssignee: Jeremy Katz <katzj>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 7CC: ffesti, james.antill, pmatilai, tim.lauridsen
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-11-03 13:55:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ignacio Vazquez-Abrams 2007-11-03 05:49:44 UTC 
It would be handy if yum localinstall disabled the GPG verification on the
packages passed to it on the command line, but still enforced it on packages
installed from repositories.
Comment 1 Seth Vidal 2007-11-03 13:55:40 UTC 
Automating that change just makes the likelihood of someone bein exploited greater.

If you are localinstalling and want to make sure gpgchecking is off there are 2
ways:

1. yum --nogpgcheck localinstall foo.rpm
2. edit /etc/yum.conf and under [main] set gpgcheck=0

In the 2nd case that'll disable it ONLY for the global case and any repo which
has gpgcheck=1 will continue gpg checking