[CentOS] repomd.xml.asc BAD signature in CentOS-7-x86_64-Minimal-2003.iso

Thu May 7 11:28:46 UTC 2020
Pany <pany at fedoraproject.org>

Hi list,

I downloaded the CentOS-7-x86_64-Minimal-2003.iso ( sha256sum
659691c28a0e672558b003d223f83938f254b39875ee7559d1a4a14c79173193 ) and
mount it on /mnt

Unfortunately, It returned "BAD signature" when I verified the

So should I continue to use this ISO?

Below is my procedure:

# gpg --import /mnt/RPM-GPG-KEY-CentOS-7
gpg: key F4A80EB5: public key "CentOS-7 Key (CentOS 7 Official Signing
Key) <security at centos.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

# gpg --fingerprint
pub   4096R/F4A80EB5 2014-06-23
      Key fingerprint = 6341 AB27 53D7 8A78 A7C2  7BB1 24C6 A8A7 F4A8 0EB5
uid                  CentOS-7 Key (CentOS 7 Official Signing Key)
<security at centos.org>

# gpg --verify /mnt/repodata/repomd.xml.asc
gpg: Signature made Wed 22 Apr 2020 07:37:54 AM CST using RSA key ID F4A80EB5
gpg: BAD signature from "CentOS-7 Key (CentOS 7 Official Signing Key)
<security at centos.org>"