Hi, I just downloaded the "scientificlinux/6.2/SRPMS/" source packages, and see that some of them have broken signatures. Certainly, a lot of sources packages are not signed at all (it seems that it is TUV behaviour), but some of them show me (when "rpm -K"): > zlib-1.2.3-27.el6.src.rpm: (sha1) dsa sha1 (MD5) PGP md5 gpg NOT OK rpm -q gpg-pubkey: > gpg-pubkey-fd431d51-4ae0493b > gpg-pubkey-2fa658e0-45700c69 > gpg-pubkey-0608b895-4bd22942 > gpg-pubkey-f6777c67-45e5b1b9 > gpg-pubkey-1d1e034b-42bfd0c5 > gpg-pubkey-a109b1ec-3f6e28d5 > gpg-pubkey-f21541eb-4a5233e7 > gpg-pubkey-897da07a-3c979a7f > gpg-pubkey-db42a60e-37ea5438 > gpg-pubkey-37017186-45761324 > gpg-pubkey-42193e6b-4624eff2 > gpg-pubkey-849c449f-4cb9df30 > gpg-pubkey-5568bbb2-4cb9de99 > gpg-pubkey-192a7d7d-4a5769d0 > gpg-pubkey-eb10625a-4a576ad9 > gpg-pubkey-9505722e-4a576b54 > gpg-pubkey-13a0a2dc-4a576ba5 > gpg-pubkey-9b1fd350-4a576be4 I have at least 350 such packages, all of them seem differ with TUV ones. I don't use mirrorlists, just ftpX.scientificlinux.org urls. What I have to do with this? Regards, Dmitry Butskoy http://www.fedoraproject.org/wiki/DmitryButskoy