i have the same problem
i youse
sudo yum update
&
i have fedora 38
I moved this to a new topic so it would get more attention. The topic it was posted in originally was over a year old and was about Fedora 33.
Note that F38 is currently rawhide, so be ready to see/debug issues. 
That said, this is because rpm in rawhide recently switched to use sequoia for it’s gpg needs. sequoia is a rust written library. It (unlike the old internal rpm gpg handling code) honors the system wide crypto policy. In Fedora 38+ that policy disallows the use of SHA-1 signatures.
Most likely you have installed google chrome or some other package that is signed with SHA-1 signatures. google supposedly knows about this and is working on fixing it.
In the mean time you can run ‘sudo update-crypto-policies --set DEFAULT:SHA1’ to override the policy and allow them. That should allow you to upgrade/remove the offending packages. Don’t forget to set it back to DEFAULT when done.
3 Likes
ok THK