From 5e4d241e273e32cfc72c80526e8951a767efaaeb Mon Sep 17 00:00:00 2001
From: Povilas Kanapickas <povilas@radix.lt>
Date: Sat, 6 Aug 2022 15:43:46 +0300
Subject: doc: Explain that apt-get download ensures package authenticity

The documentation currently does not specify whether `apt-get download`
verifies the authenticity of downloaded packages or not. The underlying
code does verify the authenticity of packages as usual and would fail if
the package signature is invalid. Therefore it makes sense to make this
guarantee explicit in the documentation, because without it
security-conscious users will likely want to recheck the signatures or
checksums manually which is not necessary in this case and just wastes
time.
---
 doc/apt-get.8.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/apt-get.8.xml b/doc/apt-get.8.xml
index 9ecd10c19..895f24034 100644
--- a/doc/apt-get.8.xml
+++ b/doc/apt-get.8.xml
@@ -228,7 +228,8 @@
 
      <varlistentry><term><option>download</option></term>
        <listitem><para><literal>download</literal> will download the given
-           binary package into the current directory.
+           binary package into the current directory. The authenticity of
+           the package data is ensured as usual.
        </para></listitem>
      </varlistentry>
 
-- 
cgit v1.2.3-70-g09d2