Juraj Marko reported [1] that the redhat-upgrade-tool does not implement proper GPG signature checking when upgrading from one version of Red Hat Enterprise Linux to another. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1123915
This issue was fixed in Red Hat Enterprise Linux 6 with the following errata: https://rhn.redhat.com/errata/RHBA-2014-1396.html
Acknowledgements: This issue was discovered by Juraj Marko of the Red Hat QE Team.
This was fixed in Red Hat Enterprise Linux 7 via: https://rhn.redhat.com/errata/RHBA-2015-2395.html