Upgrade/Install: Remove the download authenticity message from Core/Plugins/Themes updates.

This changeset deactivates the download authenticity message by disabling package signature verification, at least until software signing is fully implemented on wordpress.org. The provided message had no actionability and only led to more support.

Props jipmoors, afercia, bridgetwillard, s0what, rajinsharwar, audrasjb, johnbillion, peterwilsoncc.
Fixes #47315.



Built from https://develop.svn.wordpress.org/trunk@58319


git-svn-id: http://core.svn.wordpress.org/trunk@57776 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/includes/class-core-upgrader.php

@@ -121,7 +121,7 @@ class Core_Upgrader extends WP_Upgrader {
 			return new WP_Error( 'locked', $this->strings['locked'] );
 		}
 
-		$download = $this->download_package( $current->packages->$to_download, true );
+		$download = $this->download_package( $current->packages->$to_download, false );
 
 		/*
 		 * Allow for signature soft-fail.

wp-admin/includes/class-wp-upgrader.php

@@ -828,7 +828,7 @@ class WP_Upgrader {
 		 * Download the package. Note: If the package is the full path
 		 * to an existing local file, it will be returned untouched.
 		 */
-		$download = $this->download_package( $options['package'], true, $options['hook_extra'] );
+		$download = $this->download_package( $options['package'], false, $options['hook_extra'] );
 
 		/*
 		 * Allow for signature soft-fail.

wp-includes/version.php

@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.6-alpha-58318';
+$wp_version = '6.6-alpha-58319';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.