I downloaded them from a different mirror and they check out OK. Does someone want to try: http://mirror.pacific.net.au/linux/CentOS/3.5/os/i386 and see if they are OK on that mirror. I am using an http proxy which could be causing a problem.
John.
John Newbigin wrote:
The following packages from 3.5 do not appear to be signed properly: db4-4.1.25-8.1.i386.rpm db4-devel-4.1.25-8.1.i386.rpm dump-0.4b37-1E.i386.rpm crash-3.10-10.centos.0.i386.rpm db4-java-4.1.25-8.1.i386.rpm
I checked on a CentOS-2 and CentOS-3 box.
sample problem: $ rpm -vK i386/crash-3.10-10.centos.0.i386.rpm i386/crash-3.10-10.centos.0.i386.rpm: MD5 sum mismatch Expected: 8e030692acbc9af9b7ced6a729410c42 Saw : a27b0ab402bf38be5ae6bf195ca0c355 gpg: Warning: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information gpg: Signature made Wed 25 May 2005 20:44:30 EST using DSA key ID 025E513B gpg: BAD signature from "CentOS-3 Key centos-3key@caosity.org"
$ rpm -Kv db4-4.1.25-8.1.i386.rpm db4-4.1.25-8.1.i386.rpm: Header V3 DSA signature: OK, key ID 025e513b Header SHA1 digest: OK (b07a40eedbd1cf5e4703c2164a33af213b6473a3) MD5 digest: BAD Expected(8bcaf8d8b087898cf835d9e6bba73766) != (2023f31e90546d87a3e31714a77f3af3) V3 DSA signature: BAD, key ID 025e513b
John.