Ted Zlatanov writes:

> Just one code comment:
>
> +(defcustom package-check-signature 'allow-unsigned
> + "Whether to check package signatures when installing."
> + :type '(choice (const nil :tag "Never")
> + (const allow-unsigned :tag "Allow unsigned")
> + (const t :tag "Check always"))
> + :risky t
> + :group 'package
> + :version "24.1")
>
> IMHO this should be per archive, not global. WDYT?

Yes, actually I was in doubt how to support that. Given that most of
the archives will be eventually signed (as Stefan pointed[1]), I'm now
thinking of:

* remove the package-check-signature option, and
* even if an archive is listed in package-unsigned-archives, check
  signature if .sig file is provided (ignoring verification error)

How does this sound? Here is a patch in this direction.

Footnotes:
[1] http://article.gmane.org/gmane.emacs.devel/160658
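
Review bot: The one-line docstring of `package-check-signature` in the quoted hunk does not say what each of the three values does. For the default, `allow-unsigned`, it should state that a package with no signature at all is still installed, and whether a package whose signature is present but fails verification is rejected or accepted. Please expand the docstring to describe `nil`, `allow-unsigned` and `t` individually, so that anyone changing this `:risky` variable can see what the default does and does not guarantee.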