Here's the relevant details (from RFC 4880 section 12.2) re RSA fingerprint definition
with V3/V4 keys:
Also note that if V3 and V4 format keys share the same RSA key
material, they will have different Key IDs as well as different
fingerprints.
Finally, the Key ID and fingerprint of a subkey are calculated in the
same way as for a primary key, including the 0x99 as the first octet
(even though this is not a valid packet ID for a public subkey).
The verification in RPM assumes V3 RSA signatures for hysterical reasons.
So this "bug" is mostly a feature request, not otherwise.
Here's the relevant details (from RFC 4880 section 12.2) re RSA fingerprint definition
with V3/V4 keys:
Also note that if V3 and V4 format keys share the same RSA key
material, they will have different Key IDs as well as different
fingerprints.
Finally, the Key ID and fingerprint of a subkey are calculated in the
same way as for a primary key, including the 0x99 as the first octet
(even though this is not a valid packet ID for a public subkey).
The verification in RPM assumes V3 RSA signatures for hysterical reasons.
So this "bug" is mostly a feature request, not otherwise.