If you attempt to perform a "yum update" and a package is not signed, it will fail with a "Package $RPM is not signed" error. If more than one package is not signed, it will only report the first one it encounters. To find out all the packages that aren't signed, you need to then run "yum update -x $PACKAGE" and see if it fails again. It would be nice if it reported all the unsigned packages when failing with that error, not just the first one.
The problem is that the most common configuration is to have a single key for an entire repo. ... and so the entire repo. is either signed or not. Thus. it's often not desired to get the warning N times when you are updating N pkgs. If you need to do some rel-eng type checking, a tool using the yum API would be much better.