how to safely jump-start into opensuse (e.g. slowroll) about trusting keys, repos etc?

Support, today I noticed that the slowroll wiki page <https://en.opensuse.org/openSUSE:Slowroll> had listed changed URLs for the repositories. My slowroll was stuck on October 2023. I then removed all the previous (experimental and what not) URLs and added all according to the wiki page. So far so good.

When then doing zypper ref, it refreshed all repos except for one, where it listed a security question about trusting a pgp / gpg? or repository key or signature, or whatever the correct wording for that situation was. It showed a long fingerprint and then asked me whether to always trust, or temporarily, or not at all etc. How do I decide such a question in a meaningful and valid way, how do I double check the information that is being presented there?

I never understood so far, having also observed previously other similar situations on the mailing lists, that essential security and trust related information is not thoroughly and prominently being communicated and presented on open / suse webpages for the user base to be able to double check and verify against. Back then, some new? wiki page has been added also for opensuse at <https://en.opensuse.org/openSUSE:Signing_Keys> but this doesn't? list that key or pgp or fingerprint stuff that the zypper command presented, as far as I can tell.

Is this really best practice for open source projects, letting the user base out alone in the dark, to make arbitrary decisions and unclear choices and so on? Please do communicate all the security related basics and fundamental information always in advance, in a single or organized and structured place, and please do tell me how you guys all decide during such moments, how you live with or without trust, verifiability etc. Maybe I am just uneducated, to me it seems as if? nobody just never cares for such stuff. Why?

In my universe, I try to establish some kind of chain of trust, by going to webpages of projects, finding their security and project and organisational information and making educated? choices. Maybe I am overestimating or exaggerating my own approach to this and the results and conclusions I end up with, so maybe I am all wrong. Thanks lots.
participants (1): cagsm