If the packages in Rawhide are not signed aren't rawhide users
vulnerable to man-in-the-middle attacks?
Worse it also allows mirrors to send out malicious packages to certain
users, as the package will not be checked by the end user?
I really think all the packages in Rawhide should be signed before
being pushed out the end user.