Every time I download a .rpm file, I check it with rpm -K --nopgp. I downloaded a bunch of rpms today from ftp://rawhide.redhat.com/rawhide/i386/RedHat/RPMS/, and some of them failed the rpm -K --nopgp test with the error "md5 GPG NOT OK". I am using ncftp-3.0beta19-1 and rpm-3.0.3-0.32. I'm wondering if these rpms are really corrupted, or is there some problem with my test? Most of the rpms I downloaded today did pass the rpm -K --nogpgp test just fine. The following rpms failed the test after I downloaded them: gimp-libgimp-1.0.4-5.i386.rpm: ERROR checksig failed gtk+-1.2.5-2.i386.rpm: ERROR checksig failed isapnptools-1.18c-1.i386.rpm: ERROR checksig failed kdebase-1.1.2-11.i386.rpm: ERROR checksig failed knfsd-1.4.7-7.i386.rpm: ERROR checksig failed knfsd-clients-1.4.7-7.i386.rpm: ERROR checksig failed mkbootdisk-1.2.2-1.i386.rpm: ERROR checksig failed ncftp-3.0beta19-2.i386.rpm: ERROR checksig failed ncurses-4.2-25.i386.rpm: ERROR checksig failed ncurses-devel-4.2-25.i386.rpm: ERROR checksig failed pam-0.68-7.i386.rpm: ERROR checksig failed passwd-0.63-1.i386.rpm: ERROR checksig failed rmt-0.4b4-11.i386.rpm: ERROR checksig failed rpm-3.0.3-2.i386.rpm: ERROR checksig failed rpmfind-1.2-4.i386.rpm: ERROR checksig failed sendmail-cf-8.9.3-15.i386.rpm: ERROR checksig failed sendmail-doc-8.9.3-15.i386.rpm: ERROR checksig failed sysklogd-1.3.31-12.i386.rpm: ERROR checksig failed tcsh-6.08.00-6.i386.rpm: ERROR checksig failed telnet-0.10-31.i386.rpm: ERROR checksig failed
They're signed with GPG, not PGP. To omit the check, do --nogpg. (GPG is Gnu Privacy Guard, http://www.gnupg.org/)