On the alpha running rpm to verify a packages integrity is not possible as rpm fails to find any signatures. Official RPM from ftp.redhat.com rpm -vv -K XFree86-100dpi-fonts-4.0.2-1.i386.rpm D: No signature XFree86-100dpi-fonts-4.0.2-1.i386.rpm: No signature available One generated and signed on the alpha: rpm -vv -K grip-2.95-2.alpha.rpm D: No signature grip-2.95-2.alpha.rpm: No signature available Checking same packages on an Intel box shows the packages are signed: (or have at least an MD5 sum) rpm -vv --checksig XFree86-100dpi-fonts-4.0.2-1.i386.rpm D: New Header signature D: Signature size: 100 D: Signature pad : 4 D: sigsize : 104 D: Header + Archive: 1274462 D: expected size : 1274462 XFree86-100dpi-fonts-4.0.2-1.i386.rpm: MD5 sum OK: 806b5b0422877eb03cdca81792562897 rpm -vv -K grip-2.95-2.alpha.rpm D: New Header signature D: Signature size: 366 D: Signature pad : 2 D: sigsize : 368 D: Header + Archive: 240432 D: expected size : 240432 grip-2.95-2.alpha.rpm: MD5 sum OK: ef544b423a954d3dad8b4bfeb7a59952 gpg: Warning: using insecure memory! gpg: Signature made Wed 17 Jan 2001 07:25:20 PM EST using ELG key ID E94D1363 gpg: Good signature from "Gregory McLean <gregm>" gpg: aka "Gregory McLean <gregm>" gpg: aka "Gregory McLean <gregm>" gpg: aka "Gregory McLean (Work Identity) <gmclean>" This prevents things like up2date from verifying packages and brings into question the packages downloaded.
This is gcc miscompilink rpm. The gcc bug has been fixed in gcc-2.96-60 (although you want to use gcc-2.96-70 or later because of another bug) IIRC, and there are attempts to avoid the problem in rpm-4.0.1 and later. You can get rpm-4.0.1 at the moment from ftp://ftp.rpm.org/pub/rpm/test-4.0.1