Repositories, packages, and integrity
Packages and their patches are pooled in software hubs called repositories, and the main Linux repos, thanks to a well-honed system, can be considered safe and secure.
Note: Your /etc/apt/sources.list catalogues the repositories your system fetches from, with notes for each, so take a look.
Some packages, though, may not be available from official repositories, or may take months for updates to trickle through, so we can add extra locations to our sources.list. The thing to bear in mind is that not every repository is maintained as well as those for the official Linux distributions. Servers can be compromised, as can packages.
For anything fetched from non-mainstream repositories, therefore, as well as for any compressed source archives we intend to compile ourselves, it's important to verify our downloads.
Verifying genuine software
The two most common ways to ensure the integrity and authenticity of downloads are MD5 checksums and GnuPG signatures. The latter is the preferred, safer method...
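As an added example (not from the original text), here is the check described above as a POSIX shell script: it verifies a download against a coreutils-style MD5SUMS or SHA256SUMS file, shows that a single appended byte is caught, and wraps gpg --verify for the signature check. The package name, file contents and keyring path are constructed for the demo; the signature step assumes the publisher's key has already been imported into that keyring.

```shell
#!/bin/sh
# Added example, not from the original text: verify a download against a
# coreutils-style checksum file ("<hex>  <name>", as md5sum/sha256sum write it)
# and, where a detached signature is published, against a GnuPG signature.

# verify_checksum FILE SUMS ALGO   (ALGO: md5 or sha256)
# Returns 0 when the digest recorded for FILE in SUMS matches the file.
verify_checksum() {
    file=$1; sums=$2; algo=$3
    name=$(basename "$file")
    expected=$(awk -v n="$name" '$2 == n { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no entry for $name in $sums" >&2
        return 1
    fi
    actual=$("${algo}sum" "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# verify_signature FILE SIG KEYRING
# Checks a detached signature using only the keys in KEYRING (assumed to hold
# the publisher's key, imported out of band), not the user's default keyring.
# A matching checksum fetched from the same server proves only that the file
# is intact; the signature is what ties it to the publisher.
verify_signature() {
    gpg --batch --no-default-keyring --keyring "$3" --verify "$2" "$1"
}

# demo: build a constructed "package" and its checksum files in a temp dir,
# confirm the pristine file verifies, then append one byte and confirm the
# change is caught. Returns 0 only if both outcomes are as expected.
demo() {
    d=$(mktemp -d) || return 1
    pkg="$d/example-1.0.tar.gz"                 # constructed, not a real package
    printf 'constructed archive contents\n' > "$pkg"
    ( cd "$d" && md5sum example-1.0.tar.gz > MD5SUMS \
              && sha256sum example-1.0.tar.gz > SHA256SUMS ) || return 1
    verify_checksum "$pkg" "$d/MD5SUMS" md5 || return 1
    verify_checksum "$pkg" "$d/SHA256SUMS" sha256 || return 1
    printf 'X' >> "$pkg"                        # simulate tampering or corruption
    if verify_checksum "$pkg" "$d/SHA256SUMS" sha256; then
        rm -rf "$d"; return 1                   # the change went undetected
    fi
    rm -rf "$d"
    return 0
}

demo && echo "checksum checks behave as expected"
```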