I think that although (1) would fix this issue, (4) is probably a better way to go. (It looks like (1) would work, but it could be one of those things where there's an issue you don't find until later. I looked at the original implementation, and when the signature_verification flag was introduced to the patch, it was in the current format of writing directly to the DB. So I don't know whether that was a design decision forced by necessity or choice.)
I think that although (1) would fix this issue, (4) is probably a better way to go. (It looks like (1) would work, but it could be one of those things where there's an issue you don't find until later. I looked at the original implementation, and when the signature_ verification flag was introduced to the patch, it was in the current format of writing directly to the DB. So I don't know whether that was a design decision forced by necessity or choice.)