Packages available from 10gen yum repository (and probably all provided packages) should be signed using a GPG/PGP key. It makes it harder to compromise a yum repository (it is not enough to just replace RPM in a repo).
- is related to
-
SERVER-5455 Sign source archives (tgz, zip, etc) with a public GPG key
- Closed
-
SERVER-14036 Ubuntu Key File belongs to Richard Kreuter
- Closed
-
SERVER-19893 Generate packages on their own platforms
- Closed