http://igurublog.wordpress.com/2011/02/19/archs-dirty-little-notso-secret/ Quoting from the website. Most distributions, even Windows, sign their packages so that when the computer downloads and installs them, it can check the signature to make sure the package is authentic – it hasn’t been tampered with on the server, or anywhere between the server and the local system. This mechanism has been …