623 B
623 B
---id: RHEL-07-020152 status: implemented tag: packages ---
The STIG requires that repository XML files are verified during
yum
runs.
Warning
This setting is disabled by default because it can cause issues with CentOS systems and prevent them from retrieving repository information. Deployers who choose to enable this setting should test it thoroughly on non-production environments before applying it to production systems.
Deployers can override this default and opt in for the change by setting the following Ansible variable:
security_enable_gpgcheck_repo: yes