Notice that this is distinct from checking signatures on a per-package basis. It is designed to prevent two possible attacks:

• Network "man in the middle" attacks. Without signature checking, malicious agents can introduce themselves into the package download process and provide malicious software, either by controlling a network element (router, switch, etc.) or by redirecting traffic to a rogue server (through ARP or DNS spoofing attacks).

• Mirror network compromise. Without signature checking, a malicious agent can compromise a mirror host and modify the files on it to propagate malicious software to all users downloading packages from that host.