On Wed, 2012-02-22 at 11:36 -0600, Pat Riehecky wrote:
> Can I have you check again with rpmdev-checksig? The zlib rpm you
> listed below is signed by TUV and by SL, perhaps it is only checking the
> one key.

First of all, sorry for the "lot of sources packages are not signed at all" mistake -- I just have not noticed the lower "pgp" string. :(

Well,

> # rpmdev-checksig zlib-1.2.3-27.el6.src.rpm
> zlib-1.2.3-27.el6.src.rpm: DSA/SHA1 - 192a7d7d - <[log in to unmask]>

it shows the gpg key only, and this key is OK.

> # rpm -K zlib-1.2.3-27.el6.src.rpm
> zlib-1.2.3-27.el6.src.rpm: (sha1) dsa sha1 (MD5) PGP md5 gpg NOT OK

Here I see that "gpg" seems OK, but "PGP" (and "MD5"?) not.

Maybe it is because I run it under Fedora 12 with rpm-4.7.2?

BTW, what is the reason to sign an already TUV-signed package again with the SL signature (if that is actually the case)?

Regards,
Dmitry Butskoy