> What's worse is that it's a *Red Hat* key... Not sure if that's bad - it's only a SRPMS after all, I'm not even convinced that un-modified SRPMS should be resigned by CentOS (after all what for?) > [ignacio at ignacio ~]$ gpg /etc/pki/rpm-gpg/RPM-GPG-KEY > pub 1024D/DB42A60E 1999-09-23 Red Hat, Inc <security at redhat.com> > sub 2048g/961630A2 1999-09-23 I thought I'd seen those 8 hexdigits before... :) Cheers, MaZe.