The package rpm-3.0.1-12.5.2.i386.rpm from ftp.rpm.org is
signed using PGP key 0x73B83325, but it is not clear where
to get the public key for the verification - public
keyservers do not have it and I could not find it on
This issue has been forwarded to a developer for further action.
The rom-3.0.1-12.5.2.i386.rpm is now signed by _two_ keys that do not exist on
keyservers: 0x73B83325 and 0x1759C6EC
However, there are several newer packages that are properly signed, so I am
closing this report.