However, there are some issues with the GPG key for this repo (which is a known issue and can be fixed manually if you want to do so), but since the repo is provided by Oracle under their domain I simply chose to ignore the warnings when adding the repo and when installing VirtualBox. Of course doing so should never be advised unless you can be 100% sure about the trustability like in this case.
I checked the “Don’t show this warning again” box in both cases, assuming that it would only apply to the added repo. But since I am not sure, I wanted to revert this setting. Obviously this can not be done in the GUI, but I also was not able to find any configuration file where this setting can be controlled. Neither /etc/sysconfig/yast2 nor the files in ~/.config/YaST2 have any entries related to this setting.
So how can I revert this “Don’t show warning again” choice to ensure that the GPG integrity of repos and packages will always be verified?
YaST Repositories
There you can remove the GPG key.
Question: you know that this repository is for Leap 15.3? Why not using the correct repo for Leap 15.6 as this thread category suggestscthat you use Leap 15.6?
Sorry, but you misunderstood my question. I checked the “Don’t show warning again” box when YaST2 displayed a warning due to the issues with the missing or invalid GPG key.
If I delete the repo and add it again, YaST2 simply won’t verify the GPG integrity.
So how can I enable this verification again?
I changed the value of “show_again” to true. After having deleted and then having added the repo again YaST2 now displays a warning about the repo being signed with an unknown GPG key.
There are three issues in this context:
Obviously the YaST2 GUI should have a menu setting or a preferences dialogue where one could configure things like whether warnings about an unknown GPG key will be shown or not.
If this configuration can not be done via the YaST2 GUI (which should be the way to go), then at least the documentation should point to /var/lib/YaST2/dont_show_again.conf which is not the case. You can find this configuration file only by looking at the YaST2 source code.
The saved preference for showing or not showing a warning about an unknown GPG key is applied everytime a new repo is added. Many users will think that “Don’t show this warning again” would exclusively be applied to the repo they added and trust (e.g. due to being hosted by Oracle) since the warning’s wording almost suggests that interpretation.
This is quite dangerous in fact, because users might later add another repo with an unknown GPG key which will be added without any warning, although the repo might not be trustworthy like the one when “Don’t show warning again” was checked, wrongly assuming it would only apply to the trustworthy repo.