Bug 930392 - dev-build/make-4.4.1-r1[verify-sig]: doesn't call verify-sig_src_unpack
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
Reported: 2024-04-21 22:16 UTC by anthony
Modified: 2024-04-22 03:59 UTC (History)
Description anthony 2024-04-21 22:16:57 UTC
Just from the first few lines in the emerge:
```
$ sudo rm /var/cache/distfiles/make* && sudo rm -rf /var/tmp/portage/* && sudo emerge -av make

These are the packages that would be merged, in order:

Calculating dependencies... done!
Dependency resolution took 1.04 s (backtrack: 0/20).

[ebuild   R    ] dev-build/make-4.4.1-r1::gentoo  USE="doc* nls verify-sig -guile -static -test" 2,294 KiB

Total: 1 package (1 reinstall), Size of downloads: 2,294 KiB

Would you like to merge these packages? [Yes/No] y

>>> Verifying ebuild manifests

>>> Emerging (1 of 1) dev-build/make-4.4.1-r1::gentoo
>>> Downloading 'https://gentoo.osuosl.org/distfiles/c7/make-4.4.1.tar.gz'
--2024-04-21 08:10:41--  https://gentoo.osuosl.org/distfiles/c7/make-4.4.1.tar.gz
Resolving gentoo.osuosl.org... 2600:3404:200:237::2, 2600:3402:200:227::2, 2605:bc80:3010::134, ...
Connecting to gentoo.osuosl.org|2600:3404:200:237::2|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2348200 (2.2M) [application/x-gzip]
Saving to: ‘/var/cache/distfiles/make-4.4.1.tar.gz.__download__’

/var/cache/distfile 100%[===================>]   2.24M   830KB/s    in 2.8s

2024-04-21 08:10:44 (830 KB/s) - ‘/var/cache/distfiles/make-4.4.1.tar.gz.__download__’ saved [2348200/2348200]

 * make-4.4.1.tar.gz BLAKE2B SHA512 size ;-) ...                              [ ok ]
>>> Downloading 'https://gentoo.osuosl.org/distfiles/ea/make-4.4.1.tar.gz.sig'
--2024-04-21 08:10:44--  https://gentoo.osuosl.org/distfiles/ea/make-4.4.1.tar.gz.sig
Resolving gentoo.osuosl.org... 2600:3402:200:227::2, 2600:3404:200:237::2, 2605:bc80:3010::134, ...
Connecting to gentoo.osuosl.org|2600:3402:200:227::2|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 833 [application/pgp-signature]
Saving to: ‘/var/cache/distfiles/make-4.4.1.tar.gz.sig.__download__’

/var/cache/distfile 100%[===================>]     833  --.-KB/s    in 0s

2024-04-21 08:10:45 (1.31 GB/s) - ‘/var/cache/distfiles/make-4.4.1.tar.gz.sig.__download__’ saved [833/833]

 * make-4.4.1.tar.gz.sig BLAKE2B SHA512 size ;-) ...                          [ ok ]
>>> Unpacking source...
>>> Unpacking make-4.4.1.tar.gz to /var/tmp/portage/dev-build/make-4.4.1-r1/work
>>> Unpacking make-4.4.1.tar.gz.sig to /var/tmp/portage/dev-build/make-4.4.1-r1/work
unpack make-4.4.1.tar.gz.sig: file format not recognized. Ignoring.
```

This signature file doesn't have an unrecognized format, and, arguably, if it fails the signature validation for this reason, or any reason, it should throw an error rather than silently ignoring it.

There doesn't seem to be a problem with the file or the signature:
```
$ gpg --import /usr/share/openpgp-keys/make.asc
gpg: key 80CB727A20C79BB2: 2 signatures not checked due to missing keys
gpg: /home/anthony/.gnupg/trustdb.gpg: trustdb created
gpg: key 80CB727A20C79BB2: public key "Paul D. Smith <paul@mad-scientist.net>" imported
gpg: key C880290BAE084F1D: public key "Boris Kolpackov <boris@kolpackov.net>" imported
gpg: key 91C1262F01EB8D39: public key "Eli Zaretskii (eliz) <eliz@gnu.org>" imported
gpg: key E78DAE0F3115E06B: public key "Eli Zaretskii <eliz@gnu.org>" imported
gpg: Total number processed: 4
gpg:               imported: 4
gpg: no ultimately trusted keys found

$ gpg --verify make-4.4.1.tar.gz.sig
gpg: assuming signed data in 'make-4.4.1.tar.gz'
gpg: Signature made Sun 26 Feb 2023 12:06:19 PM PST
gpg:                using RSA key B2508A90102F8AE3B12A0090DEACCAAEDB78137A
gpg: Good signature from "Paul D. Smith <paul@mad-scientist.net>" [unknown]
gpg:                 aka "Paul D. Smith <psmith@gnu.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6D4E EB02 AD83 4703 510B  1176 80CB 727A 20C7 9BB2
     Subkey fingerprint: B250 8A90 102F 8AE3 B12A  0090 DEAC CAAE DB78 137A
```
(I'm assuming the "no ultimately trusted keys found" and the "This key is not certified with a trusted signature!" are because I haven't imported the entire chain, but I'm going to assume that psmith@gnu.org's signature from the public key is actually legit.)

Maybe whatever `verify-sig` uses doesn't like the signature file? `file` says it's an "old" PGP signature type:
```
$ file make-4.4.1.tar.gz.sig
make-4.4.1.tar.gz.sig: PGP signature Signature (old)
```
But `gpg` doesn't have that problem, so I'm not sure.

While I'm able to demonstrate this using the files from OSUOSL, I'm able to verify that both the tarball on OSUOSL's site and the tarball in https://ftp.gnu.org/gnu/make/ are the same, and produce the same error.
Comment 1 Larry the Git Cow gentoo-dev 2024-04-22 03:58:58 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=85423df7972767095b2ad59d10b9c44857d74dc8

commit 85423df7972767095b2ad59d10b9c44857d74dc8
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-04-22 03:58:34 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-04-22 03:58:48 +0000

    dev-build/make: fix USE=verify-sig in src_unpack
    
    Closes: https://bugs.gentoo.org/930392
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-build/make/make-4.4.1-r1.ebuild | 2 +-
 dev-build/make/make-9999.ebuild     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-04-22 03:59:35 UTC
before:
```
$ rg git-r3_src_unpack -l | xargs grep -rsin "verify-sig" -l | xargs grep -L "verify-sig_"
dev-build/make/make-9999.ebuild
dev-build/make/make-4.4.1-r1.ebuild
```

after: no results

so no other cases, I think. Thanks!
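The grep in Comment 2 only covers ebuilds that call git-r3_src_unpack. The following added example (not code from the bug or the Gentoo tree) generalizes that check to any ebuild that inherits verify-sig and defines its own src_unpack without ever calling verify-sig_src_unpack, which is exactly the shape that makes the .sig file get "unpacked" and ignored. The three ebuilds it writes are constructed sample data, not the real dev-build/make ebuilds.

```shell
#!/bin/sh
# Added example, not code from the bug or the Gentoo tree: find ebuilds that
# inherit verify-sig and define their own src_unpack without ever calling
# verify-sig_src_unpack. A custom src_unpack overrides the eclass-exported
# phase, so the signature is never checked and the .sig is silently ignored.

# find_unverified_ebuilds DIR -> prints matching ebuild paths, one per line
find_unverified_ebuilds() {
    find "$1" -name '*.ebuild' -type f | sort | while IFS= read -r f; do
        grep -Eq '^inherit .*verify-sig' "$f" || continue   # uses the eclass
        grep -Eq '^src_unpack\(\)' "$f" || continue          # overrides the phase
        grep -q 'verify-sig_src_unpack' "$f" && continue     # ...but delegates: fine
        printf '%s\n' "$f"
    done
}

# make_sample_tree DIR: write three constructed ebuilds (sample data, not the
# real dev-build/make ebuilds) so the check can run offline.
make_sample_tree() {
    mkdir -p "$1/dev-build/broken" "$1/dev-build/fixed" "$1/dev-build/clean"
    # Falls back to 'default' for releases: verify-sig_src_unpack never runs.
    cat > "$1/dev-build/broken/broken-1.0.ebuild" <<'EOF'
inherit git-r3 verify-sig
src_unpack() {
    if [[ ${PV} == 9999 ]] ; then git-r3_src_unpack; else default; fi
}
EOF
    # Same shape, but delegates to the eclass phase for releases.
    cat > "$1/dev-build/fixed/fixed-1.0.ebuild" <<'EOF'
inherit git-r3 verify-sig
src_unpack() {
    if [[ ${PV} == 9999 ]] ; then git-r3_src_unpack; else verify-sig_src_unpack; fi
}
EOF
    # No custom src_unpack: the eclass-exported phase applies.
    printf 'inherit verify-sig\n' > "$1/dev-build/clean/clean-1.0.ebuild"
}

# Stand-alone run: build the sample tree in a temp dir and report offenders.
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_tree "$tmp"
    find_unverified_ebuilds "$tmp"   # prints only .../dev-build/broken/broken-1.0.ebuild
    rm -rf "$tmp"
}
```

Run `find_unverified_ebuilds /var/db/repos/gentoo` against a real tree to audit it; `demo` exercises the check on the constructed samples.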