Arnold, do you mean, that source packages are cross-signed with official Ubuntu key that are already in `apt-key list` after Ubuntu installation? I understand that if 'Hash sum' check fails I get this kind of error message, but what about, for instance, spoofing ubuntu.com domain by my Internet provider and writing correct hash sum for modified contents into .dsc file?
Arnold, do you mean, that source packages are cross-signed with official Ubuntu key that are already in `apt-key list` after Ubuntu installation? I understand that if 'Hash sum' check fails I get this kind of error message, but what about, for instance, spoofing ubuntu.com domain by my Internet provider and writing correct hash sum for modified contents into .dsc file?
Thanks