WordPress core and all plugin updates having error: The authenticity of wordpress-5.3.1-partial-0.zip could not be verified as no signature was found.

[toggerybob]

For many releases of WordPress now, we continue to receive the error when updating both WordPress core and plugins.

We're at the point that we no longer feel safe installing these updates.

Can someone please address the recurring error:

SUCCESS: WordPress was successfully updated to WordPress 5.3.1

UPDATE LOG
==========

WordPress 5.3.1

---

Updating to WordPress 5.3.1
Downloading update from ​https://downloads.wordpress.org/release/wordpress-5.3.1-partial-0.zip...
The authenticity of wordpress-5.3.1-partial-0.zip could not be verified as no signature was found.
Unpacking the update...
Verifying the unpacked files...
Preparing to install the latest version...
Enabling Maintenance mode...
Copying the required files...
Disabling Maintenance mode...
Upgrading database...
WordPress updated successfully

---
Thanks.

[Presskopp]

looks like this has been discussed (and closed) here:
​https://wordpress.org/support/topic/wordpress-5-3-could-not-be-verified-as-no-signature-was-found/

[toggerybob]

Not seeing any resolution on that provided link...

[garrett-eclipse]

The message to my understanding is currently informational. In 5.2 the signature verifications were rolled back due to some issues with incompatible PHP versions. The messaging was left but can be safely ignored. In future those verifications will be re-enabled.

Related: #45806, #39309, #47343

[desrosj]

Hi @toggerybob,

Signature verification is not yet enabled, so this message is expected to be displayed.

[44954] introduced experimental package signature verification. However, there were some difficult problems identified that need to be solved in order to securely use this feature in practice. You can read more about this here ​https://make.wordpress.org/core/2019/08/16/ssl-for-auto-updates/.

[SergeyBiryukov]

Duplicate of #47343.