Ticking off:
[x] media signed
[x] repository signed

Packages are signed:

    rpm -K tree-1.7.0-lp150.1.8.x86_64.rpm -v
    tree-1.7.0-lp150.1.8.x86_64.rpm:
        Header V3 RSA/SHA256 Signature, key ID 3dbdc284: OK
        Header SHA1 digest: OK
        Header SHA256 digest: OK
        Payload SHA256 digest: OK
        V3 RSA/SHA256 Signature, key ID 3dbdc284: OK
        MD5 digest: OK

ISO is signed with openSUSE key:

    gpg --verify openSUSE-Leap-15.0-DVD-x86_64-Build206.1-Media.iso.sha256
    gpg: Signature made Tue Apr 17 11:35:37 2018 CEST
    gpg:                using RSA key B88B2FD43DBDC284
    gpg: Good signature from "openSUSE Project Signing Key <opensuse@opensuse.org>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284

Repos are signed with the same key:

    gpg repomd.xml.key
    gpg: WARNING: no command supplied. Trying to guess what you mean ...
    pub   rsa2048 2008-11-07 [SC] [expires: 2024-05-02]
          22C07BA534178CD02EFE22AAB88B2FD43DBDC284
    uid           openSUSE Project Signing Key <opensuse@opensuse.org>

    gpg --verify repomd.xml.asc
    gpg: assuming signed data in 'repomd.xml'
    gpg: Signature made Thu May 3 11:33:44 2018 CEST
    gpg:                using RSA key B88B2FD43DBDC284
    gpg: Good signature from "openSUSE Project Signing Key <opensuse@opensuse.org>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284

[x] verify product can install maintenance updates (tested by installing available updates after fresh install from ISO)

Current status:

General:
[x] Install and perform lynis scan
[ ] review for outstanding major security issues

Defaults:
[x] running default services
[x] setuid and privileged friends

Media and repositories:
[x] media signed
[x] repository signed

Sources:
[ ] trawl rpmlintrc for bypasses of rpmlint checks
[ ] clamav scan of sources

Development processes:
[ ] verify package review process was adhered to
[ ] verify standard development model was followed

Updates:
[x] verify product can install maintenance updates
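
The gpg output above reports a good signature from a key it marks [unknown], so the check that matters is the fingerprint. The following is an added example, not part of the original comment: it parses gpg's machine-readable status output and accepts a signature only when the primary key fingerprint equals the one printed above. The function names and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original comment).
# Pinned primary-key fingerprint, copied from the gpg output above.
PINNED_FPR="22C07BA534178CD02EFE22AAB88B2FD43DBDC284"

# Read `gpg --status-fd 1 --verify` output on stdin; print the primary-key
# fingerprint of the signature. Fail unless there is exactly one VALIDSIG
# and no bad, erroneous, expired or revoked-key signature status.
primary_fpr_from_status() {
    awk '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key, field 12 the primary key
        $2 == "VALIDSIG" { fpr = (NF >= 12) ? $12 : $3; n++ }
        END { if (bad || n != 1) exit 1; print toupper(fpr) }
    '
}

# Succeed only if the status stream on stdin carries a valid signature
# made by the pinned key. GOODSIG alone is not enough: it is emitted for
# any key that happens to be in the keyring.
signed_by_pinned_key() {
    fpr=$(primary_fpr_from_status) || return 1
    [ "$fpr" = "$PINNED_FPR" ]
}

# verify_detached SIGFILE [DATAFILE]: hypothetical wrapper around gpg.
verify_detached() {
    gpg --batch --status-fd 1 --verify "$@" 2>/dev/null | signed_by_pinned_key
}

# Constructed status output (timestamps and algorithm fields are made up).
sample_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG B88B2FD43DBDC284 openSUSE Project Signing Key <opensuse@opensuse.org>
[GNUPG:] VALIDSIG 22C07BA534178CD02EFE22AAB88B2FD43DBDC284 2018-05-03 1525340024 0 4 0 1 8 00 22C07BA534178CD02EFE22AAB88B2FD43DBDC284
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# Constructed: a cryptographically good signature from some other key.
sample_status_other_key() {
    sample_status | sed 's/22C07BA534178CD02EFE22AAB88B2FD43DBDC284/0000000000000000000000000000000000000000/g'
}

sample_status | signed_by_pinned_key && echo "pinned key: accepted"
sample_status_other_key | signed_by_pinned_key || echo "other key: rejected"
```

With gpg installed, `verify_detached repomd.xml.asc repomd.xml` applies the same check to the repository metadata signature.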