Hi list, I downloaded the CentOS-7-x86_64-Minimal-2003.iso ( sha256sum 659691c28a0e672558b003d223f83938f254b39875ee7559d1a4a14c79173193 ) and mount it on /mnt Unfortunately, It returned "BAD signature" when I verified the repodata/repomd.xml.asc So should I continue to use this ISO? Below is my procedure: # gpg --import /mnt/RPM-GPG-KEY-CentOS-7 gpg: key F4A80EB5: public key "CentOS-7 Key (CentOS 7 Official Signing Key) <security@xxxxxxxxxx>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) # gpg --fingerprint /root/.gnupg/pubring.gpg ------------------------ pub 4096R/F4A80EB5 2014-06-23 Key fingerprint = 6341 AB27 53D7 8A78 A7C2 7BB1 24C6 A8A7 F4A8 0EB5 uid CentOS-7 Key (CentOS 7 Official Signing Key) <security@xxxxxxxxxx> # gpg --verify /mnt/repodata/repomd.xml.asc gpg: Signature made Wed 22 Apr 2020 07:37:54 AM CST using RSA key ID F4A80EB5 gpg: BAD signature from "CentOS-7 Key (CentOS 7 Official Signing Key) <security@xxxxxxxxxx>" _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos