reenable signature verification
    
    It was supposedly disabled in 2014 (but never implemented anyways). We
    should check the signature (per guidelines), and we can, so let's do it.
    
    The keyring is generated from gnupg.org's legacy public key block (our
    tool deals with keyrings only), filtered for the relevant key of Werner
    Koch only. It is expired as of today but was not at release time of the
    packaged sources. Expect the keyring to change for the next release!