This should warn that the package is not being verified but has signatures. Maybe --ask can also allow the user to press y to generate keys and enable signature verification. Signature verification seems like an important default. * libnl-3.8.0-3.gpkg.tar MD5 SHA1 size ;-) ... [ ok ] !!! gpg: keyblock resource '/etc/portage/gnupg/pubring.kbx': No such file or directory [GNUPG:] ERROR add_keyblock_resource 33587281 [GNUPG:] PLAINTEXT 74 0 [GNUPG:] NEWSIG gpg: Signature made Mon Mar 25 08:38:50 2024 -00 gpg: using RSA key 534E4209AB49EEE1C19D96162C44695DB9F6043D [GNUPG:] ERROR keydb_search 33554445 [GNUPG:] ERROR keydb_search 33554445 [GNUPG:] ERRSIG 2C44695DB9F6043D 1 10 01 1711355930 9 534E4209AB49EEE1C19D96162C44695DB9F6043D [GNUPG:] NO_PUBKEY 2C44695DB9F6043D gpg: Can't check signature: No public key gpg: can't create `/etc/portage/gnupg/random_seed': No such file or directory !!! Invalid binary package: '/var/cache/binpkgs/dev-libs/libnl/libnl-3.8.0-3.gpkg.tar.partial', GPG verify failed