TL;DR:
- the new workflow changed behaviour regarding the gpgkey parameter
- all (not only “most”) of our repos use “repo_gpgcheck=off” - but all our repos also use “gpgcheck=1” ==> this combination is acceptable for us and for you/SUSE, too

- because “gpgkey=URL” isn’t accessible in our current setup (no auth!), we can and should remove it, as all gpgkeys are already in rpmdb
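The audit below is an added example, not part of the original post: it checks `.repo` definitions against the combination described above (package signature check on, `repo_gpgcheck` allowed to be off, no leftover `gpgkey=` URL). The repo aliases, URLs and finding labels are constructed for illustration.

```python
import configparser

# Constructed sample in the .repo INI layout; aliases and URLs are made up.
SAMPLE = """\
[example-updates]
enabled=1
baseurl=https://repo.example.invalid/updates/
gpgcheck=1
repo_gpgcheck=off
gpgkey=https://repo.example.invalid/updates/repomd.xml.key

[example-pool]
enabled=1
baseurl=https://repo.example.invalid/pool/
gpgcheck=1
repo_gpgcheck=off

[example-unsigned]
enabled=1
baseurl=https://repo.example.invalid/misc/
gpgcheck=0
repo_gpgcheck=off
"""

def flag(section, key):
    """Return True/False for a boolean key, or None when the key is absent."""
    if key not in section:
        return None
    return section.getboolean(key)  # accepts 1/0, on/off, yes/no, true/false

def audit(text):
    """Map each repo alias to a list of findings (labels are hypothetical)."""
    cp = configparser.ConfigParser(interpolation=None)  # URLs may contain '%'
    cp.read_string(text)
    report = {}
    for alias in cp.sections():
        sec = cp[alias]
        findings = []
        # Package signatures must be verified even when repo_gpgcheck is off.
        if flag(sec, "gpgcheck") is not True:
            findings.append("gpgcheck-not-enabled")
        # A gpgkey URL is redundant once the key is already in the rpmdb.
        if sec.get("gpgkey", "").strip():
            findings.append("gpgkey-url-present")
        report[alias] = findings
    return report

if __name__ == "__main__":
    for alias, findings in audit(SAMPLE).items():
        print(alias, findings or "ok")
```

Whether a key is already imported can be confirmed on the host with `rpm -q gpg-pubkey` before removing the `gpgkey=` line.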