> > I still want to use GPG to check the regular fedora-core packages and > > updates, but the local repository has RPM's that may or may not be GPG > > signed, so I don't want to check GPG on those packages. > > Any reason for you to not just rpm --resign the packages with > your own GPG key, and add your keys to the up2date/rpm > recognized keys? That is definitely an option, but it just adds another maintenance aspect (ie. having to remember to sign, and to double check that if anybody else has put files in that directory that they have told me so that I can sign them)... since we don't care about the signature it seems like an extra unnessesary hassle. I was hoping that since the yum authors gave the option, that maybe the up2date authors would also have a way to individually ignore GPG (hint hint nudge nudge to up2date authors :-). Cheers, >>>>> Mike <<<<<
