The same way you would authenticate the provider of the source tarball. Ideally they will be downloaded from the same server.
If Trustworthy Tim doesn't want to use autopackage, you - as a user of his software - will have to convince him.
If the package is a self extracting installer or a rpm/deb/whatever doesn't make the slightest difference. It all boils down to if you trust the author of the package or not. A major difference with autopackage wrt rpm/deb/whatever is that the upstream software author creates the package, not random packager joe.
If you don't trust the author, you shouldn't be using the software, regardless of package format!
Slashdot Mirror
The same way you would authenticate the provider of the source tarball. Ideally they will be downloaded from the same server. If Trustworthy Tim doesn't want to use autopackage, you - as a user of his software - will have to convince him.
This is exactly what you get when using autopackage. Modulo some not-yet-discovered bugs of course :-)
If the package is a self extracting installer or a rpm/deb/whatever doesn't make the slightest difference. It all boils down to if you trust the author of the package or not. A major difference with autopackage wrt rpm/deb/whatever is that the upstream software author creates the package, not random packager joe. If you don't trust the author, you shouldn't be using the software, regardless of package format!