Hello! I was wondering if anyone else was getting this message when zypper dup’ing:
File 'repomd.xml' from repository 'adobe' is unsigned, continue? [yes/no] (no):
I would opt for “no”. Any further advice? Thank you!
How should we know where this repository points to? Post output of “zypper lr -d adobe”.
But at the end, I do not see how accepting it would be worse than manually downloading software from the same site. If you are really concerned, contact maintainer of this repo.
If you’re confident about the integrity of the repository, you can disable the gpgcheck as follows
zypper mr --no-gpgcheck *repo_uri repo_name*
or
zypper mr --gpgcheck-allow-unsigned-repo *repo_uri repo_name*
Of course, if you don’t or can’t know for sure whether the repository is faulty or perhaps you could be under attack, you should decline updating from that repo as you suggest.
TSU
If this is for flash-player, then install from the packman repo. That will avoid the problem. You get the same flash-player, but it has been repackaged for packman and the packman repo is properly signed.
When I last tried the adobe repo (for opensuse 41.2, as I recall), the repo was not signed but individual packages were signed with the adobe key.
Thank you tsu2 and nrickert, your answers have been most helpful and kind. 