On Thu, Apr 29, 2021 at 4:28 PM Michal Suchánek
There are two verifications - by zypper and by rpm. You get warning from rpm but the package should have been verified by zypper anyway.
sorry list, I am not understand if I am compromised or not. I did a zypper dup with that releasever variable being set to 15.3 I did not skip over warnings that keys were missing or to be imported or what not. zypper dup asked me if i was okay with the release notes or legal stuff of suse llc and gpl2. and the second question it asked if i wanted to proceed with the 2000+ packages to be fetched, that summary. It then went on with downloading packages and working on them. Every package installing or updating printed those missing keys for the signature of the package line. What situation is my system in right now? have all those packages been installed without any proof whatsoever that they were legit and original packages bye suse llc? What do I need to do now? Am I imagining? ty.