Comment 7 for bug 1649097

Arnold, do you mean, that source packages are cross-signed with official Ubuntu key that are already in `apt-key list` after Ubuntu installation? I understand that if 'Hash sum' check fails I get this kind of error message, but what about, for instance, spoofing ubuntu.com domain by my Internet provider and writing correct hash sum for modified contents into .dsc file?

Thanks