openstack-ansible-security/doc/source/developer-notes/V-38462.rst

Ubuntu checks packages against GPG signatures by default. It can be turned off for all package installations by a setting in /etc/apt/apt.conf.d/ and we search for that in the Ansible task. A warning is printed if the AllowUnauthenticated configuration option is present in the apt configuration directories.

Please note that users can pass an argument on the apt command line to bypass the checks as well, but that's outside the scope of this check and remediation.