The following packages from 3.5 do not appear to be signed properly: db4-4.1.25-8.1.i386.rpm db4-devel-4.1.25-8.1.i386.rpm dump-0.4b37-1E.i386.rpm crash-3.10-10.centos.0.i386.rpm db4-java-4.1.25-8.1.i386.rpm I checked on a CentOS-2 and CentOS-3 box. sample problem: $ rpm -vK i386/crash-3.10-10.centos.0.i386.rpm i386/crash-3.10-10.centos.0.i386.rpm: MD5 sum mismatch Expected: 8e030692acbc9af9b7ced6a729410c42 Saw : a27b0ab402bf38be5ae6bf195ca0c355 gpg: Warning: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information gpg: Signature made Wed 25 May 2005 20:44:30 EST using DSA key ID 025E513B gpg: BAD signature from "CentOS-3 Key <centos-3key at caosity.org>" $ rpm -Kv db4-4.1.25-8.1.i386.rpm db4-4.1.25-8.1.i386.rpm: Header V3 DSA signature: OK, key ID 025e513b Header SHA1 digest: OK (b07a40eedbd1cf5e4703c2164a33af213b6473a3) MD5 digest: BAD Expected(8bcaf8d8b087898cf835d9e6bba73766) != (2023f31e90546d87a3e31714a77f3af3) V3 DSA signature: BAD, key ID 025e513b John. -- John Newbigin Computer Systems Officer Faculty of Information and Communication Technologies Swinburne University of Technology Melbourne, Australia http://www.ict.swin.edu.au/staff/jnewbigin