The client validates the signature before installing any update. This reduces the risk of man-in-the-middle attackseven further as a potential attacker would haveto change not only the client on our server, but also the key, which we publish so people can verify that the keys match.