Been running for a long time, today during updates, I get prompted to trust a new source - the packagekit project.
I guess the first questions are
should I trust it?
why would I get a new source?
Do I need to do anything different?
linux-f5tb:/home/Kilbert # zypper ref
Repository 'Libdvdcss' is up to date.
Repository 'Plex' is up to date.
Repository 'KDE:Extra' is up to date.
Retrieving repository 'openSUSE-Tumbleweed-oss' metadata ..............................................................................................................[done]
Building repository 'openSUSE-Tumbleweed-oss' cache ...................................................................................................................[done]
Retrieving repository 'packman' metadata ..............................................................................................................................[done]
Building repository 'packman' cache ...................................................................................................................................[done]
Repository 'openSUSE-Tumbleweed-Non-Oss' is up to date.
Repository 'openSUSE-Tumbleweed-Update' is up to date.
All repositories have been refreshed.
"the expected checksum of the file…is … but the correct checksum is… the file may have been cjanged by an attacker since the repository creator signed it…"etc
nowhere does it say the certs expired, i have seen that error many times, never saw this one.