I am running Linux RH5.2 and have RPM "pgp-5.0i-1" installed, which has been working fine for me in typical message-sending and -receiving contexts for months under Gnus. In a fresh "xemacs -q", I do Options -> Manage Packages -> Add Download Site -> xemacs.org Options -> Manage Packages -> List & Install An error is thrown on "lstream not open"; the end of my *Message-Log* buffer contains: | Retrieving /anonymous＠ftp.xemacs.org:/pub/xemacs/packages/package-index.LATEST.pgp...done | Loading mc-pgp... | Loading mc-pgp...done | Verifying... | Package-get PGP signature failed to verify | Internal error: lstream not open: #<INTERNAL OBJECT (XEmacs bug?) (filedesc lstream) 0x86e73a8> This in turn is because mailcrypt 3.5.3 (from the latest sumo tarball) is misusing PGP5, because *Mailcrypt* contains: When I re-install an old 2.6.2 PGP binary, the results are slightly different, but no better. Two identical "Error" dialog boxes are produced to complain about about "Hash: SHA1" and *Message-Log* complains: | Loading mc-pgp... | Loading mc-pgp...done | Verifying... | Package-get PGP signature failed to verify (there is no "internal error" complaint) and *Mailcrypt* reports: For the moment, is there a way merely to tell the package manager not to bother with PGP verifications? --karl