There's an inconsistency in the verification of packages in the errata test of gnorpm. If running as a normal user, you click the verify button on the menu bar or the Verify option in the Packages menu, you get an error message about requiring superuser privileges to verify packages. In contrast, if you select a package from one of the package groups and right click on the package and select verify from the context menu, you are happily allowed to verify the package. So either verify_one() in verify.c needs an euid check added or the check in rpm_verify_pkgs() in mainwin.c needs to be removed. As RPM by default allows any user to verify already installed packages, I'd lean towards the latter.
Has to be the former - a user cannot verify a file they cannot read
Fixed in gnome cvs