(In reply to Marcus Meissner from comment #4) > Michael, this http://linuxdownload.adobe.com/linux/x86_64/ You don't have permission to access /linux/x86_64/ on this server. We currently just offer to import the key that is used to sign the metadata. No matter if the repo matadata are signed or not, we'd need a way to offer additional keys used to sign packages in the repo. Where shall those keys come from? The susetags content-file has a KEY section, and we at least download the gpg-pubkeys listed there. Rpmmds repomd.xml by now has nothing like this; we'd need a similar section for additional keys to download. If we have a way to make those keys available on a system, we could make zypper ask whether to import those additional keys as well.