<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; "><DIV>A noob question.  When I started to update from the development tree, I found I had to set gpgcheck=0 in yum.conf.  According to</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><A href="http://forums.fedoraforum.org/showthread.php?t=51610">http://forums.fedoraforum.org/showthread.php?t=51610</A></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><FONT class="Apple-style-span" face="Verdana" size="3"><SPAN class="Apple-style-span" style="font-size: 11px;">"Yes, all non-development tree packages coming out of Redhat should be signed, that goes for FC4 final."</SPAN></FONT></DIV><DIV><FONT class="Apple-style-span" face="Verdana" size="3"><SPAN class="Apple-style-span" style="font-size: 11px;"><BR class="khtml-block-placeholder"></SPAN></FONT></DIV><DIV><FONT class="Apple-style-span" face="Verdana" size="3"><SPAN class="Apple-style-span" style="font-size: 11px;"><FONT class="Apple-style-span" face="Helvetica" size="4"><FONT class="Apple-style-span" size="4"><SPAN class="Apple-style-span" style="font-size: 16px;">Does this imply that all development tree packages are NOT signed, and thus that gpgcheck=0 is necessary?  Feels a tad scary.  Can one check signatures using a different system like APT instead of Yum, for example?</SPAN></FONT></FONT></SPAN></FONT></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>/Mike</DIV><DIV><BR class="khtml-block-placeholder"></DIV></BODY></HTML>