Make GPG signature checking is called "filtering"
2.10 introduces a new feature which has been referred to as "GPG Signature Verification". The actual behavior of this feature is more along the lines of "GPG Signing Key ID Filtering"; actual gpg signatures are never verified. It needs to be made very clear in our documentation that the feature as it exists does not improve security of packages in pulp.
The changes related to this issue will most likely be grafted into the 2.10.0 release candidate, so they must consist of documentation changes only.