The Gentoo project identified a security related bug in GnuPG. When using any current version of GnuPG for unattended signature verification (e.g. by scripts and mail programs), false positive signature verification of detached signatures may occur. This is primarily an issue since gpg return 0 on what should be a failure. This will break automated scripts. http://marc.theaimsgroup.com/?l=gnupg-devel&m=113999098729114&w=2
From User-Agent: XML-RPC gnupg-1.4.2.1-1 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.