Comment 20 for bug 635868

A signature tag is what carries the RSA signature in metadata.

The likeliest explanation for my not seeing atm is that I'm
looking a different download package than you are. I
tried several download sites.

No worries, that's lots wrong with RSA verification of *.rpm packages, I'm
drilling through the muck now. I'll re-verify the tuxonice RSA
signature from the URI you have given as part of my implementation.