Yes, all packages are signed. The signature for the tarball and bzip2 archive are provided by separate downloads. The RPMs we provide are signed by either Ethan Blanton, Mark Doliner, or Stu Tomlinson. Usually the Mandrake RPMs are signed by, Mark Doliner, the Fedora Core RPMs are signed by Stu Tomlinson, and the Red Hat 8 and 9 RPMs are signed by Ethan Blanton. The keys can be obtained from any key server. ​http://pgp.mit.edu/ is popular.

There is a less extensive answer to this question at Installing Pidgin. Either this one or the other one should be removed.