Hi Bob,
I am going to assume you intended to speak about cvs 1.12.13.1 which is
the current top-of-tree main trunk sources for CVS. Please be advised
that 1.12.13.1 is not actually a formally released set of sources due to
some problems in the building of the Windows client.

If anyone has time to consider working on that client, and we can pass
all of the tests, then we can look to a release of cvs 1.12.14 which
will contain these new features.
It is actually asking you to sign each of the files that it is creating
in the CVSROOT directory of your new repository.

You may find it desriable to use the gpg-agent which comes with GnuPG
2.0.x to handle the credentials for the GPG key you wish to use when
signing revisions in the repository.
Yes.
Yes, but the revisions are not trusted until and unless you do a
'cvs sign' operation on the files.
If you are not going to make use of the digital signatures for each
checked in revision of files, then you may wish to disable the OpenPGP
support. Do so if you do not wish to have users asking to sign every
binary. The easiest method to use to build a CVS which does not actually
add support for GnuPG is to configure it with

configure GPG=/no/such/executable

which will have the side-effect of telling CVS that the path to gpg is
/no/such/executable but when that path does not work properly that it is
'broken' and should be ignored.

However, if you like the idea of a digital signature for each revision
of files in the repository, you may enable support and teach your users
how to use gpg-agent or similar mechanisms to facilitate multi-file
checkins without the need to be prompted for every revision of every
file.

Enjoy!
-- Mark