Meh, just admit you didn't realise how packages are signed and move on. TLS shouldn't and cannot be used to sign installation packages. After all, TLS stands for _Transport Layer_ Security...
Well you have the right to feel offended, but he really didn't "follow logical steps and make a fair enough point" as his idea was completely wrong when it comes to signing installation packages.