Comment # 2 on bug 1223446 from Christian Boltz

(In reply to Michael Andres from comment #1)
> (In reply to Christian Boltz from comment #0)
> > My _guess_ is that the missing key had a similar result as disabling the
> > repo. Still, even "zypper dup -y" should error out if a repo is signed with
> > an unknown key, instead of silently disabling the repo and removing
> > seemingly "orphaned" packages.
> 
> Right, skipping the repo is the default (legacy) behavior.

This behaviour is quite dangerous and destructive, I'd seriously recommend to
change it to "abort non-interactive operations if a repo is broken or
unavailable".

The current behavior also broke the mailman web interface on lists.o.o, see
https://progress.opensuse.org/issues/167362