I think I am getting a little confused about these trust things. > How am *I* supposed to verify the validity of those public keys. > If you really want to be sure what you should do is compare them from your system to a trusted source such as the CentOS website, CentOS main repositories, CentOS IRC channel or here ;)