It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data , performs incorrect verification of 304 replies , does not perform the checksum check when the Acquire::GzipIndexes option is used and does not properly perform validation for binary packages downloaded by the apt-get download command .