Here is the first beta version of a brand new security tool: 'checkroot' is the first tool to retrieve fingerprint/gpg-pubkey updates online and therefore allows a trusted verification of your root file system roughly based on rpm --verify. Not even debsums can do that. download: http://wwwu.edu.uni-klu.ac.at/estellnb/checkroot/
It can serve as a pre-replacement for feature #306508: https://features.opensuse.org/306508. Besides this it may be a good example for the usage of private/public gpg keys (edu-purposes). Feedback welcome. Further testing required.
Elmar Stellnberger Michael Schroeder