opened 05:30PM - 11 Nov 23 UTC
## Problem description
Digital software signatures are not always verified. Thi…s is bad for security.
## Expected behaviour
Digital software signatures are always verified.
## Steps to reproduce the behaviour
1. Look at https://github.com/OSInside/kiwi-descriptions/blob/master/debian/x86_64/debian-buster/config.xml
2. See:
```
<rpm-check-signatures>false</rpm-check-signatures>
```
```
repository_gpgcheck="false"
```