I downloaded them from a different mirror and they check out OK. Does someone want to try: http://mirror.pacific.net.au/linux/CentOS/3.5/os/i386 and see if they are OK on that mirror. I am using an http proxy which could be causing a problem. John. John Newbigin wrote: > The following packages from 3.5 do not appear to be signed properly: > db4-4.1.25-8.1.i386.rpm > db4-devel-4.1.25-8.1.i386.rpm > dump-0.4b37-1E.i386.rpm > crash-3.10-10.centos.0.i386.rpm > db4-java-4.1.25-8.1.i386.rpm > > I checked on a CentOS-2 and CentOS-3 box. > > sample problem: > $ rpm -vK i386/crash-3.10-10.centos.0.i386.rpm > i386/crash-3.10-10.centos.0.i386.rpm: > MD5 sum mismatch > Expected: 8e030692acbc9af9b7ced6a729410c42 > Saw : a27b0ab402bf38be5ae6bf195ca0c355 > gpg: Warning: using insecure memory! > gpg: please see http://www.gnupg.org/faq.html for more information > gpg: Signature made Wed 25 May 2005 20:44:30 EST using DSA key ID 025E513B > gpg: BAD signature from "CentOS-3 Key <centos-3key at caosity.org>" > > $ rpm -Kv db4-4.1.25-8.1.i386.rpm > db4-4.1.25-8.1.i386.rpm: > Header V3 DSA signature: OK, key ID 025e513b > Header SHA1 digest: OK (b07a40eedbd1cf5e4703c2164a33af213b6473a3) > MD5 digest: BAD Expected(8bcaf8d8b087898cf835d9e6bba73766) != > (2023f31e90546d87a3e31714a77f3af3) > V3 DSA signature: BAD, key ID 025e513b > > John. > -- John Newbigin Computer Systems Officer Faculty of Information and Communication Technologies Swinburne University of Technology Melbourne, Australia http://www.ict.swin.edu.au/staff/jnewbigin