Those signature files should have a checksum, or even a digital signature. I mean even if it doesn't crash the entire computer, a flipped bit in there could still turn the entire thing against a harmless component of the system and lead to the same result.
What happens when your mechanism for checksumming doesn't work? What happens when your mechanism for installing after the checksum is validated doesn't work?
It's just too early to tell what happened here.
The likelihood is that it _was_ negligence. But we need a proper post-mortem to be able to determine one way or another.
