but I am not sure if changing “SigLevel = Never” in “/etc/pacman.conf” is smart. At least the upgrade worked, but can I trust it? Can someone give me a clue?
Of course, without the totally insecure allowing of all signatures. Theoretically, all your packages could now be compromised because your mirror (or any malicious actor in-between) could send you modified packages without you noticing because you allowed all signatures.