New percona-release package improperly signed?

You can fetch that package via HTTPS, which gives some credibility - [url]https://repo.percona.com/yum/percona-release-1.0-3.noarch.rpm[/url]
It’s been a problem here too, and for some of our customers.