Artifactory will not sign for packages as it does not create them. When a package is pulled from an upstream registry through Artifactory remote repository, as the upstream registry already contains the metadata, it will be pulled along with the package and stored in the remote repository’s cache. Hence, you will not find any issue while accessing directly via remote repository.