So, how do we trust this update given a) we don't know for sure that the original bug was an honest mistake, and b) the encryption checking mechanism is blown so the update to fix the bug can be hijacked.