This should warn that the package is not being verified but has signatures. Maybe --ask can also allow the user to press y to generate keys and enable signature verification. Signature verification seems like an important default.


 * libnl-3.8.0-3.gpkg.tar MD5 SHA1 size ;-) ...                          [ ok ]
!!!
gpg: keyblock resource '/etc/portage/gnupg/pubring.kbx': No such file or directory
[GNUPG:] ERROR add_keyblock_resource 33587281
[GNUPG:] PLAINTEXT 74 0 
[GNUPG:] NEWSIG
gpg: Signature made Mon Mar 25 08:38:50 2024 -00
gpg:                using RSA key 534E4209AB49EEE1C19D96162C44695DB9F6043D
[GNUPG:] ERROR keydb_search 33554445
[GNUPG:] ERROR keydb_search 33554445
[GNUPG:] ERRSIG 2C44695DB9F6043D 1 10 01 1711355930 9 534E4209AB49EEE1C19D96162C44695DB9F6043D
[GNUPG:] NO_PUBKEY 2C44695DB9F6043D
gpg: Can't check signature: No public key
gpg: can't create `/etc/portage/gnupg/random_seed': No such file or directory
!!! Invalid binary package: '/var/cache/binpkgs/dev-libs/libnl/libnl-3.8.0-3.gpkg.tar.partial', GPG verify failed