Hi, I spent this weekend understanding why when update my vm to F38 branched I got a lot of [1] the key ID d651ff2e is "our" key RPM-GPG- KEY-rpmfusion-free-fedora-2020 For an introduction to this topic I recommend this 2 articles [2] . In resume rpm sign with SHA1 aren't installed in F38 unless we change the defaul crypto police (update-crypto-policies --set LEGACY) , I wrote in https://discussion.fedoraproject.org/t/header-v3-rsa-sha1-signature-key-i... one solution . And I have checked all rpmfusion packages with fc36 have SHA1 when now we need to have SHA256 , ATM I found these 5 packages [3] , which I will rebuild it to be signed again or have you other suggestions ? Best regards, [3] rfpkg-minimal-0.4.2-1.fc36.noarch.rpm rpmfusion-free-obsolete-packages-35-1.fc36.noarch.rpm wormsofprey-data-20051221-15.fc36.noarch.rpm lpf-cleartype-fonts-1.0-3.fc36.noarch.rpm lpf-mscore-tahoma-fonts-1.0-3.fc36.noarch.rpm [1] Running transaction check error: rpmdbNextIterator: skipping h# 1777 Header V3 RSA/SHA1 Signature, key ID d651ff2e: BAD Header SHA256 digest: OK Header SHA1 digest: OK [2] https://www.scrye.com/wordpress/nirik/2023/01/31/error-rpmdbnextiterator-... https://ask.fedoraproject.org/t/popular-third-party-rpms-fail-to-install-... -- Sérgio M. B.