--verify-sig: Remove download if verify fails
The average user would possibly ignore the error/warning if the signature is bad. To protect those, we should remove the download. Someone who wants to inspect the file and maybe the signature will download them separately (without -s).