From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4 Description of problem: When updating system using up2date GUI, before downloading every package, it warns that package is not GPG-signed. Version-Release number of selected component (if applicable): up2date-4.4.23-4, up2date-gnome-4.4.23-4 How reproducible: Always Steps to Reproduce: 1. wait a day for new package being released 2. run up2date GUI as root 3. select all nesessary packages for installing Actual Results: 4. before every package downloading you will be warned about the fact that the package is not GPG-signed, and do you want to proceed Expected Results: 4. packages should be GPG-signed and up2date should recognize the signature Additional info:
The warning message is wrong - the packages are GPG-signed, but you haven't installed the corresponding GPG key so it can't be verified (for example, the Fedora Extras key is numbered 1ac70ce6 which should appear in the warning message).
Your're right, "rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora" seems to fix the problem. But I do not know why this is not done automatically.