I was running a rpm -qa --qf "%{vendor} \t\t%{name}\n" |sort|grep -v CentOS looking for packages from other vendors installed on a machine and noticed a curious sight: Fujitsu Limited crash-trace-command It appears I am not the only one who has crash-trace-command from Fujitsu Limited https://www.centos.org/forums/viewtopic.php?f=13&t=1081&start=0#p6688 That is a good thing right? :) I was curious however to find it in my centos mirror, and apparently signed by the centos crew[2]. Would one of our gentle OS maintainers be kind enough to confirm this is just an extension of the issues in bug 5967[1]? (which I found near the end of my web search) Looking a little deeper it appears that there are a couple of other packages (rome) with odd vendors in the 6.5 tree: for i in centos/6/os/i386/Packages/*rpm; \ do rpm -q --qf "%{vendor} \t%{name}\n" -p $i; \ done |grep -v CentOS Fujitsu Limited crash-trace-command Red Hat, Inc. python-qpid-qmf Red Hat, Inc. qpid-qmf (none) rome (none) rome-javadoc Red Hat, Inc. ruby-qpid-qmf [1] http://bugs.centos.org/view.php?id=5967 [2] $ rpm -qa gpg-pubkey\* gpg-pubkey-c105b9de-4e0fd3a3 $ for i in centos/6/os/*/Packages/crash-trace-command-*; \ do echo $i;rpm -q --qf "%{vendor} \t%{name}\n" -p $i;done centos/6/os/i386/Packages/crash-trace-command-1.0-4.el6.i686.rpm Fujitsu Limited crash-trace-command centos/6/os/x86_64/Packages/crash-trace-command-1.0-4.el6.x86_64.rpm Fujitsu Limited crash-trace-command ##Note the lack of ##"warning: centos/6/os/i386/Packages/crash-trace-command-1.0-4.el6.i686.rpm: Header V3 RSA/SHA1 signature: NOKEY, key ID c105b9de" ## which I did get on a CentOS 5 machine doing the same check.