With the new system, when I look at a file I know it came from some identifiable individual I don't know anything about. With the old one, I know it came from kernel.org. I know something about kernel.org. I know it's set up (and always has been) to tend not to accept garbage.
If I understand correctly, you don't have any reason to trust the old-style kernel.org signature, as it doesn't say anything about where the code came from or whether it is garbage or not, since everything was automatically signed. All it told you is that the person who uploaded it had legitimate or illicit access to the kernel.org server, nothing more.
You could just assume trust for anything signed, which would be the same security posture as before. It'd be great if there were more easily accessible, clear and accurate documentation on how to do useful signature verification. I just checked the kernel.org signature page and it looked like it hasn't been updated in a decade.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.