doc: Explain that apt-get download ensures package authenticity

The documentation currently does not specify whether `apt-get download` verifies the authenticity of downloaded packages or not. The underlying code does verify the authenticity of packages as usual and would fail if the package signature is invalid. Therefore it makes sense to make this guarantee explicit in the documentation, because without it security-conscious users will likely want to recheck the signatures or checksums manually which is not necessary in this case and just wastes time.
author: Povilas Kanapickas <povilas@radix.lt> 2022-08-06 15:43:46 +0300
committer: Povilas Kanapickas <povilas@radix.lt> 2022-08-06 15:43:46 +0300
commit: 5e4d241e273e32cfc72c80526e8951a767efaaeb (patch)
tree: 0074f795ff5bc1c55990425c7acb9b023962616e /doc
parent: 2d87af57ea52cb37c60103abb6468e0ad44864ff (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/apt-get.8.xml b/doc/apt-get.8.xml
index 9ecd10c19..895f24034 100644
--- a/doc/apt-get.8.xml
+++ b/doc/apt-get.8.xml
@@ -228,7 +228,8 @@
 
      <varlistentry><term><option>download</option></term>
        <listitem><para><literal>download</literal> will download the given
-           binary package into the current directory.
+           binary package into the current directory. The authenticity of
+           the package data is ensured as usual.
        </para></listitem>
      </varlistentry>
author	Povilas Kanapickas <povilas@radix.lt>	2022-08-06 15:43:46 +0300
committer	Povilas Kanapickas <povilas@radix.lt>	2022-08-06 15:43:46 +0300
commit	5e4d241e273e32cfc72c80526e8951a767efaaeb (patch)
tree	0074f795ff5bc1c55990425c7acb9b023962616e /doc
parent	2d87af57ea52cb37c60103abb6468e0ad44864ff (diff)