>> No, this setting is to make it easier for the other ELPA archives which
>> (AFAIK) don't sign their packages (and in any case, Emacs doesn't come
>> with the keys for those).
> Perhaps package-check-signatures should be per-repository, so we are
> warned when the Gnu ELPA signature check fails.
You should be loudly warned already, if you use the default value
(unless you don't have GPG installed, IIRC).
Also, you can get the effect of per-repository package-check-signatures using
the defcustom 'package-unsigned-archives' ("List of archives where we do not
check for package signatures").