> If you download software packages from the internet, you may have noticed that some of them are signed with a GPG key. This is done to ensure that the software package has not been tampered with during the download process.
I wonder if someone could clarify this mystery to me: Supposedly the download process is protected by HTTPS, so it can't be tampered with. If we assume that it could be, then the signature that I read off their website also could've been tampered with.
Question: What am I missing?
