Comment 2 for bug 635492

rpmlib can be enabled to verify every package signature whenever read.
This is typically disabled by metainstallers like zypp/yum/smart.

But all depends on what your threat model is ... there's usually
no reason why every package signature needs to be continually
verified; once is often sufficient.