Automation Hub / AAH-1352

Show only one signature per collection version

    • Type: Task
    • Resolution: Obsolete
    • Priority: Normal
    • 2.2
    • Backend

      • Signature Verification
      • Problem: The implementation in place (in the ansible-galaxy CLI) is an all-or-nothing verification for collections: either all signatures are verified, or none are. On Hub a collection can hold multiple signatures, and even invalid or expired signatures are not removed from the collection.
      • Proposals:
        Long term (after summit):
        - CLI to implement a policy configuration where the user explicitly defines which keys to care about when performing verification (following the container verification model).
        - Hub to expose an API for removing signatures from collections (so the user can remove signatures that are not valid for some reason).
        - Hub to allow a configurable mode that supports only one signature per collection (so adding a new signature replaces the older one).

        Short term (workaround):
        - Filter the Hub API to show only the last signature added (and keep the rest for the historical audit? or we can decide what to do with it later).

        NOTES: This filter must take the ansible-galaxy CLI user agent + version into account, as we need a safe way to turn this filter off when the CLI is updated in the future.

      • Better solution: implement this on the client side; the client would take only the latest signature to verify.
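Added example, not code from galaxy_ng, pulp_ansible or the ansible-galaxy CLI: it sketches the two client-side policies proposed above (a trusted-key policy, and the "latest signature only" fallback) as a selection step in front of the existing all-or-nothing check, plus the user-agent/version gate the NOTES ask for on the server side. The signature field names (`pubkey_fingerprint`, `created`, `valid`), the sample signatures, the user-agent format and the cut-over version `MULTI_SIG_AWARE_CLI` are all constructed assumptions, not the Hub schema or a real CLI release.

```python
"""Added example for AAH-1352 (not galaxy_ng / ansible-galaxy code).

Demonstrates:
  1. a policy listing the key fingerprints the user trusts, so only
     signatures from those keys are verified (long-term proposal);
  2. the short-term fallback of verifying only the most recently added
     signature when no policy is configured;
  3. the user-agent gate from the NOTES: the "latest only" view is served
     only to ansible-galaxy clients older than an assumed cut-over version,
     never to other API consumers, so audit data stays visible to them.

All signature records below are constructed sample data; the field names
are assumptions, not the Hub API schema.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
import re


@dataclass(frozen=True)
class Signature:
    pubkey_fingerprint: str   # assumed field: fingerprint of the signing key
    created: datetime         # assumed field: when the signature was added
    valid: bool               # outcome of an assumed keyring check (constructed)


def select_signatures(signatures, trusted_fingerprints=None):
    """Return the subset of signatures a client should verify.

    With a policy (set of trusted fingerprints): signatures from those keys
    only, newest first. Without a policy: only the newest signature.
    """
    if not signatures:
        return []
    ordered = sorted(signatures, key=lambda s: s.created, reverse=True)
    if trusted_fingerprints:
        return [s for s in ordered if s.pubkey_fingerprint in trusted_fingerprints]
    return ordered[:1]


def verify(signatures, trusted_fingerprints=None):
    """All-or-nothing check over the *selected* signatures rather than over
    every signature attached to the collection version. Returns (ok, reason)."""
    selected = select_signatures(signatures, trusted_fingerprints)
    if not selected:
        return False, "no signature matches the verification policy"
    bad = [s for s in selected if not s.valid]
    if bad:
        return False, f"invalid signature from {bad[0].pubkey_fingerprint}"
    return True, f"verified {len(selected)} signature(s)"


# Assumed user-agent shape: "ansible-galaxy/<major>.<minor>[.<patch>] ..."
UA_RE = re.compile(r"ansible-galaxy/(\d+)\.(\d+)(?:\.(\d+))?")
# Placeholder: CLI version assumed to handle multiple signatures itself.
# Older clients get the filtered (latest only) view; this is NOT a real release.
MULTI_SIG_AWARE_CLI = (2, 99, 0)


def latest_only_for_user_agent(user_agent):
    """Server-side gate: apply the 'latest only' filter solely for
    ansible-galaxy clients below MULTI_SIG_AWARE_CLI. Unknown or non-CLI
    user agents (browser, other API consumers) are never filtered."""
    m = UA_RE.search(user_agent or "")
    if not m:
        return False
    version = tuple(int(x or 0) for x in m.groups())
    return version < MULTI_SIG_AWARE_CLI


# Constructed sample: an older signature from a key that no longer verifies,
# plus a newer valid one on the same collection version.
SAMPLE = [
    Signature("AAAA1111", datetime(2022, 1, 10, tzinfo=timezone.utc), valid=False),
    Signature("BBBB2222", datetime(2022, 6, 1, tzinfo=timezone.utc), valid=True),
]

if __name__ == "__main__":
    print(verify(SAMPLE))                      # latest only: the valid newer signature
    print(verify(SAMPLE, {"AAAA1111"}))         # policy pins the stale key: fails
    print(latest_only_for_user_agent("ansible-galaxy/2.13.0 (Linux; python:3.10.6)"))
```

The point of `select_signatures` is that the existing all-or-nothing check is left untouched; only the set it runs over shrinks, so a stale signature that was never removed from the collection stops breaking installs without silently ignoring a signature the user explicitly asked to trust.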

            rochacbruno@redhat.com Bruno Rocha