The CentOS mirror infrastructure now allows to implement the version number lock for SCLo repositories.
mirrorlist.centos.org code now supports SIGs/AltArch repositories
https://lists.centos.org/pipermail/centos-devel/2018-September/016949.html
We could enhance the locked repository list 
The CentOS SoftwareCollections SIG repo signature is invalid:
[root@vm5 ~]# curl -s -O http://mirror.centos.org/centos/7.6.1810/sclo/x86_64/sclo/repodata/repomd.xml.asc
[root@vm5 ~]# curl -s -O http://mirror.centos.org/centos/7.6.1810/sclo/x86_64/sclo/repodata/repomd.xml
[root@vm5 ~]# gpg repomd.xml.asc
gpg: Signature made Sat 19 May 2018 02:44:12 AM CEST using RSA key ID F2EE9D55
gpg: BAD signature from "CentOS SoftwareCollections SIG (https://wiki.centos.org/SpecialInterestGroup/SCLo) <security@centos.org>"
SCLo repo_gpgcheck=1 is not expected to work, according to https://wiki.centos.org/Download/Verify#head-9f1820241b204d28240c4409064e9213737874ba
May yum-plugin-priorities could help to… achieve a less worring situation for CentOS update release vs NethServer installation integrity?