Cryptographic Signature on Update

Thanks in advance for any opinions.

As CPF loaded, a pop-up alerted me that the CPF Updater was trying to connect. The message stated that the cryptographic signature had changed since the last update. Further, it said that if I’d upgraded/reinstalled since the last time CPF had updated, it was okay; otherwise it could be malicious behaviour. I upgraded about a week ago but the updater ran yesterday (a check), so my question is:

Is the message sent out with the updater just for general purposes? If someone doesn’t check each alert how would they know that the cryptographic signature has changed and that it could possibly be malicious?