9 years ago
Kernel updates are supplied as Debian packages, which are by default GPG signed. This makes them cryptographically verified by upstream, as well as detects package corruption in transit.
If a package can't be verified, then you are already notified by the update manager.
I am not sure, but with my spotty internet I have gotten several checksum mismatch errors over the months.
So in conclusion I think they already happen behind the scenes in the update manager.
I'm pretty sure that kernel updates are shipped with checksums already.
Checksums are recommended in the debian policy.
I don't think your issue with the update was because the data was borked on the way.