Digital signing ensures the recipient of the package can trust the Digital Signature that was applied to the update. If an attacker was able to compromise the digital signature keys, they would also have the ability to impersonate the original author/publisher and create their own malicious updates (malware). These would be inherently trusted by the recipient since they trust the Digital Signature associated with the author/publisher. This could affect software security patches or hardware appliances such as routers. Using your own Digital Signing service within Thales Data Protection On Demand, you can protect the private keys associated with your signing application in an HSM service to avoid the private keys from being stolen or compromised.
