The satellite installer just blindly rpm --imports what it assumes will be the Red Hat gpg key. Someone could get sneaky and replace it with something else, compromising the system. Instead, we should ask the user if it's ok, saying where the gpg key is, and what the key id is, etc. Our wonderful Co-op says: <@kganong> jbowes, bretm-laptop: Its located in install_main.pl, sub setup_gpg <@kganong> jbowes: also located in satInstall.py, def addGPGKey, but I don't know if that is active code.