It would be handy if yum localinstall disabled the GPG verification on the packages passed to it on the command line, but still enforced it on packages installed from repositories.
Automating that change just makes the likelihood of someone bein exploited greater. If you are localinstalling and want to make sure gpgchecking is off there are 2 ways: 1. yum --nogpgcheck localinstall foo.rpm 2. edit /etc/yum.conf and under [main] set gpgcheck=0 In the 2nd case that'll disable it ONLY for the global case and any repo which has gpgcheck=1 will continue gpg checking