On Mon, 18 Jun 2018 10:11:12 -0400, Andreas Grapentin wrote: > Additionally, all packages downloaded using the system installed package > manager are signed with a trusted set of maintainer keys, and packages > without matching signatures are automatically rejected in the default > configuration.
Additionally, even if the user disables GPG signature checking (tamper detection), the package manager will still use sha256sum checking (error detection). -- Happy hacking, ~ Luke Shumaker