(In reply to Dirk Weber from comment #20) > Would it be possible and make sense that the openSUSE package signing key > signs(=trusts) the SUSE package signing key and then the SUSE key would > automatically be imported as trusted on openSUSE? Basically yes, but not as 'quick' fix now. We're already working on a 'zypper keys' command to support viewing and managing the trusted keys. Once we have a better tool to inspect and manipulate the keys, we can think about automatism. Otherwise unwanted results or miss behavior are hard to detect and fix. Whatever automatism we offer it needs to be configurable, and the sane default is 'none'. The request/ideas so far contain a 'configurable list of fingerprints that may be autoimported'. A transitive trust, like you suggested also fits in there. But IMO one wants to define which keys are allowed to auto import keys by signing them.