---
id: V-71981
status: opt in
tag: packages
---

The STIG requires that repository XML files are verified during ``yum`` runs.

.. warning::

    This setting is disabled by default because it can cause issues with CentOS
    systems and prevent them from retrieving repository information. Deployers
    who choose to enable this setting should test it thoroughly on
    non-production environments before applying it to production systems.

Deployers can override this default and opt in for the change by setting the
following Ansible variable:

.. code-block:: yaml

    security_enable_gpgcheck_repo: yes