documentation advises to install RPM over insecure HTTP without using a key for verification
The documentation: HEP_OSlibs/blob/el6/README-el6.md includes
yum install http://linuxsoft.cern.ch/wlcg/sl6/x86_64/wlcg-repo-1.0.0-1.el6.noarch.rpm
The documentation briefly mentions a key but does not describe how to use the key to verify the package integrity. If one uses the key to do this, installing a RPM via HTTP is fine. Otherwise, it should be installed via HTTPS. The documentation should be updated to
yum install https://linuxsoft.cern.ch/wlcg/sl6/x86_64/wlcg-repo-1.0.0-1.el6.noarch.rpm