Re: GPG key
rawhide packages are in fact not signed. There's some discussion about how to do this, but since they are just composed every night and signing requires a human, it's difficult to automate.
Unless you are talking about rpmfusion ? In that case, consult with them as to what is signed/not signed.