Comment 1 for bug 1918969

I talked with Gustavo and we agreed that support for this can be added by introducing a new property `insecure: true` that would be required when key-id is not present. Initial support would be limited to file:/// repos.