no it is not normal. but 7+ years old, not supported, end-of-life version you try to use ...
if you want though and sure you are using the original official version and pkg repos then as a workaround you may edit /etc/opkg.conf and comment out option check_signature.
but it is your call, it is a risk you have to decide to take or not. also if possible use a newer release, highly recommended!