All that is necesary to make your system unsecure is:
smart config --set rpm-check-signatures=False
Use this if you are 100% sure the source files are perfect. Else:
smart config --set keyserver=pgp.mit.edu
and only use signed RPMs.
I was faced with this message from the smart package manager under SuSE 10.1.