> > Can I have you check again with rpmdev-checksig? The zlib rpm you > listed below is signed by TUV and by SL, perhaps it is only checking the > one key. > Could you please explain how you sign these packages? According to the rpm(8) man page, > SIGNING A PACKAGE > rpm --addsign|--resign PACKAGE_FILE ... > > Both of the --addsign and --resign options generate and insert new sig‐ > natures for each package PACKAGE_FILE given, replacing any existing > signatures. There are two options for historical reasons, there is no > difference in behavior currently. Note "replacing any existing signatures". IOW, after SL-sign, any previous TUV-sign data should be removed, isn't it? A broken "rpm -K" behaviour breaks my scripts and certainly I'm impressed a little... :-/ Regards, Dmitry Butskoy