diff --git a/ChangeLog b/ChangeLog
index 4c80e35339..47ac1a7d02 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+Sat Feb 9 09:24:38 2013 Eric Hodel
+
+ * lib/rubygems/package/old.rb: Fix behavior only on ruby 1.8.
+
+ * lib/rubygems/package.rb: Include checksums.yaml.gz signatures for
+ verification.
+ * test/rubygems/test_gem_package.rb: Test for the above.
+
 Sat Feb 9 01:23:24 2013 Tanaka Akira
 
 * test/fiddle/helper.rb: specify libc and libm locations for MirOS BSD.
diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb
index 82abcd0c6f..d56316e1ba 100644
--- a/lib/rubygems/package.rb
+++ b/lib/rubygems/package.rb
@@ -518,8 +518,6 @@ EOM
 when /\.sig$/ then
 @signatures[$`] = entry.read if @security_policy
 next
- when 'checksums.yaml.gz' then
- next # already handled
 else
 digest entry
 end
diff --git a/lib/rubygems/package/old.rb b/lib/rubygems/package/old.rb
index e0bdfbb3dc..d74753fa90 100644
--- a/lib/rubygems/package/old.rb
+++ b/lib/rubygems/package/old.rb
@@ -23,9 +23,10 @@ class Gem::Package::Old < Gem::Package
 require 'zlib'
 Gem.load_yaml
 
- @gem = gem
- @contents = nil
- @spec = nil
+ @contents = nil
+ @gem = gem
+ @security_policy = nil
+ @spec = nil
 end
 
 ##
@@ -142,7 +143,7 @@ class Gem::Package::Old < Gem::Package
 end
 end
 
- yaml_error = if RUBY_VERSION < '1.8' then
+ yaml_error = if RUBY_VERSION < '1.9' then
 YAML::ParseError
 elsif YAML::ENGINE.yamler == 'syck' then
 YAML::ParseError
diff --git a/test/rubygems/test_gem_package.rb b/test/rubygems/test_gem_package.rb
index d08f46d7d2..1e9603c6c7 100644
--- a/test/rubygems/test_gem_package.rb
+++ b/test/rubygems/test_gem_package.rb
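Review bot: In lib/rubygems/package/old.rb (hunk at -23,9) the new `@security_policy = nil` has no comment explaining why an old-format package gets a policy slot that starts out unset, and nothing visible in the hunk shows what happens if a caller later assigns a policy. If old-format gems cannot be signature-checked, which I believe is the case but cannot confirm from these lines, a comment such as `# no policy by default; old-format gems are not signature-verified (confirm)` would make that explicit. It may also be worth rejecting a non-nil policy outright, so that an unverified install is never mistaken for a verified one. The initializer's `def` line is outside the hunk.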
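Review bot: In lib/rubygems/package/old.rb (hunk at -142,7) the guard `RUBY_VERSION < '1.9'` compares version strings lexicographically, which is correct for 1.8.x but would also be true for a string such as '1.10'. Because this branch selects which YAML error class is assigned to `yaml_error`, comparing parsed versions is sturdier: `yaml_error = if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('1.9') then`. The `if`/`elsif` chain continues past the end of the hunk, so the remaining branches could not be checked.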
@@ -511,6 +511,24 @@ class TestGemPackage < Gem::Package::TarTestCase
 assert_empty package.instance_variable_get(:@files), '@files must empty'
 end
 
+ def test_verify_security_policy_low_security
+ @spec.cert_chain = [PUBLIC_CERT.to_pem]
+ @spec.signing_key = PRIVATE_KEY
+
+ FileUtils.mkdir_p 'lib'
+ FileUtils.touch 'lib/code.rb'
+
+ build = Gem::Package.new @gem
+ build.spec = @spec
+
+ build.build
+
+ package = Gem::Package.new @gem
+ package.security_policy = Gem::Security::LowSecurity
+
+ assert package.verify
+ end
+
 def test_verify_security_policy_checksum_missing
 @spec.cert_chain = [PUBLIC_CERT.to_pem]
 @spec.signing_key = PRIVATE_KEY
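Review bot: test_verify_security_policy_low_security covers only the success path, since its single assertion is `assert package.verify`. It shows that a freshly signed gem no longer fails verification, but not that the signature over checksums.yaml.gz is actually compared, so it would still pass if that signature were collected and then ignored. A companion case that alters the checksums.yaml.gz signature after `build.build` and expects `verify` to raise would pin the behaviour the ChangeLog entry describes. The following test_verify_security_policy_checksum_missing begins in the trailing context and continues outside the hunk, so it may already cover part of this.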