Description of problem: When you have an rpm that has more than one distro (same version and name) then only one of them is signed: [root@resources02 ovirt-3.5]# rpm --checksig `find . -name "ovirt-release35-006-1.noarch.rpm"` ./rpm/fc21/noarch/ovirt-release35-006-1.noarch.rpm: sha1 md5 OK ./rpm/fc20/noarch/ovirt-release35-006-1.noarch.rpm: sha1 md5 OK ./rpm/el7/noarch/ovirt-release35-006-1.noarch.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#fe590cb7) ./rpm/el6/noarch/ovirt-release35-006-1.noarch.rpm: sha1 md5 OK ./rpm/fc22/noarch/ovirt-release35-006-1.noarch.rpm: sha1 md5 OK ./rpm/fc19/noarch/ovirt-release35-006-1.noarch.rpm: sha1 md5 OK Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: