## download.media_preference = download
##
+## Signature checking (repodata and rpm packages)
+##
+## boolean gpgcheck (default: on)
+## boolean repo_gpgcheck (default: unset -> according to gpgcheck)
+## boolean pkg_gpgcheck (default: unset -> according to gpgcheck)
+##
+## If 'gpgcheck' is 'on' we will either check the signature of repo metadata
+## (packages are secured via checksum in the metadata), or the signature of
+## an rpm package to install if it's repo metadata are not signed or not
+## checked.
+##
+## The default behavior can be altered by explicitly setting 'repo_gpgcheck' and/or
+## 'pkg_gpgcheck' to perform those checks always (if 'on') or never (if 'off').
+##
+## Explicitly setting 'gpgcheck', 'repo_gpgcheck' 'pkg_gpgcheck' in a
+## repositories .repo file will overwrite the defaults here.
+##
+## DISABLING GPG CHECKS IS NOT RECOMMENDED.
+## Signing data enables the recipient to verify that no modifications
+## occurred after the data were signed. Accepting data with no, wrong
+## or unknown signature can lead to a corrupted system and in extreme
+## cases even to a system compromise.
+##
+# repo_gpgcheck = unset -> according to gpgcheck
+# pkg_gpgcheck = unset -> according to gpgcheck
+
+##
## Commit download policy to use as default.
##
## DownloadOnly, Just download all packages to the local cache.
##
## When committing a dist upgrade (e.g. 'zypper dup') a solver testcase
## is written to /var/log/updateTestcase-<date>. It is needed in bugreports.
-## This optin returns the number of testcases to keep on the system. Old
+## This option returns the number of testcases to keep on the system. Old
## cases will be deleted, as new ones are created.
##
## Use 0 to write no testcase at all, or -1 to keep all testcases.