by halvsjur 5007 days ago
I agree that it feels insecure, but is there really a difference between this and downloading and running files from a .tar.gz or installing a .deb for example?
3 comments

Yes.

apt-get:

  $ ls -l /etc/apt/trusted.gpg.d/

Source Installation:

  $ wget http://nmap.org/dist/sigs/nmap-6.01.tgz.asc
  $ wget http://nmap.org/dist/nmap-6.01.tgz
  $ gpg nmap-6.01.tgz.asc

This is an important part of why Debian and its derivatives are superior to OS X for web development. If you like Mac hardware like I do, at least run a Linux distro as a virtual machine and save yourself the trouble of Homebrew or its contemporaries.
The point is that most people don't do this.
It's built into apt. Unless you are suggesting that most people do:

  # apt-get --allow-unauthenticated ...

debs are authenticated.
With a .tar.gz you can verify a checksum.