Currently when installing a package, we don't verify the signature. This needs done for both local and remote installs.
Currently when installing a package, we don't verify the signature. This needs done for both local and remote installs.