For example, VLC (and, IIRC, Firefox) uses asymetric crypto to sign the update messages and the binaries. And the private keys are in none of the VideoLAN servers, but in other secret locations.
So, if the server is hacked, or a DNS is spoofed, you cannot make auto-update pull broken/malware binaries.
The problem is that, if your update process is buggy in some release, you loose those users forever...
So, if the server is hacked, or a DNS is spoofed, you cannot make auto-update pull broken/malware binaries.
The problem is that, if your update process is buggy in some release, you loose those users forever...