rpmlib can be enabled to verify every package signature whenever read.
This is typically disabled by metainstallers like zypp/yum/smart.
But all depends on what your threat model is ... there's usually
no reason why every package signature needs to be continually
verified; once is often sufficient.
rpmlib can be enabled to verify every package signature whenever read.
This is typically disabled by metainstallers like zypp/yum/smart.
But all depends on what your threat model is ... there's usually
no reason why every package signature needs to be continually
verified; once is often sufficient.