We explicitly do not pay attention to the value in .bzr/branch/branch.conf for signature signing/checking.
The checking side of it is the important one, as it would allow a 3rd party to explicitly request that you *not* check the signatures on their branch, which would be in volation if you had set "check_signatures=always" in your local config.
That said, I'm not entirely sure why "create_signatures" couldn't be trusted, as you can write to that location.
We explicitly do not pay attention to the value in .bzr/branch/ branch. conf for signature signing/checking.
The checking side of it is the important one, as it would allow a 3rd party to explicitly request that you *not* check the signatures on their branch, which would be in volation if you had set "check_ signatures= always" in your local config.
That said, I'm not entirely sure why "create_signatures" couldn't be trusted, as you can write to that location.