Red Hat 7.2 GnuPG signed RPM verification fails on distribution files
Red Hat 7.2 distribution files on popular ftp sites such as
ftp.ibiblio.org and mirrors.hpcf.upr.edu are not signed. It is
unlikely that this is an attack as the number of sites involved makes
it likely someone would have noticed and notified the community.
Either Red Hat did not sign these packages, or someone subverted the
distribution process before the files got to various sites. For Red
Hat 7.1 please note that all files were correctly signed with the Red
Hat GnuPG security key.