URL: https://rol.redhat.com/rol/app/courses/rh124-8.2/pages/ch14s07
Reporter RHNID: maciej.sitarz@pl.ibm.com
Section: 7 - Enabling Yum Software Repositories
Language: en-US (English)|
Workaround:

Description: The WARNING field in chapter 14 section 7 "Enabling Yum Software Repositories":
https://rol.redhat.com/rol/app/courses/rh124-8.2/pages/ch14s07

warns the learners about installing the RPM GPG key.

The message is:
```
Warning

Install the RPM GPG key before installing signed packages. This verifies that the packages belong to a key which has been imported. Otherwise, the yum command fails due to a missing key. The --nogpgcheck option can be used to ignore missing GPG keys, but this could cause forged or insecure packages to be installed on the system, potentially compromising its security.
```

In the student opinion, this is not exactly what RPM GPG does, from the second sentence in the warning learner could understand that installing that RPM GPG key will verify the packages, but it won't.
The install will just install it, and the installation will "allow the verification of the packages" during future package installations. It also won't verify currently installed packages.

Best regards,
Maciej Sitarz