The Gentoo project identified a security related bug in GnuPG. When
using any current version of GnuPG for unattended signature
verification (e.g. by scripts and mail programs), false positive
signature verification of detached signatures may occur.
This is primarily an issue since gpg return 0 on what should be a failure. This
will break automated scripts.
From User-Agent: XML-RPC
gnupg-220.127.116.11-1 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.