If I were a hacker with no access to the signing keys, I'd probably label my updates as critical too, so you would try to find a way around the update signing.

But let's not let an opportunity to paint Dell as some evil yet incompetent corporation slip through our fingers.

If they haven't pulled the "corrupt" firmware after it's been up and broken for weeks, I don't think anyone needs to rescind the "incompetent" label.

For all we know, the failure was in his employer's proxy server and the corrupt file was cached.

Let's not wait for facts though, proceed immediately to the crucifixion of Dell.

With everyone quick on the trigger to throw someone under the bus, imagine being a coworker in such a toxic environment.

I paid Dell a bunch of money for a laptop. They pushed a bios update, that ubuntu kindly relayed to me that meant when I closed the lid and put the laptop in my bag as I sat beside my daughter's ICU bed, it fried the motherboard. No really. That was the /purpose/ of the bios "upgrade." Warranty after they remotely fried my machine? No, because it worked as designed.

So yeah going bayesian given none of us can be 100% sure about anything, my prior on Dell is they suck donkeys' gonads on all levels. Competence, honesty, service, everything - until evidence shows otherwise and I've just told you why.

Why is your prior that Dell are competent even when evidence suggests otherwise?

At a minimum this is definitely a process failure due to incompetence.

"Dell is posting unsigned update executables" is a loaded statement that implies this was intentional. Dell has been signing updates since before most infosec engineers were still in middle school ogling cheerleaders. It's alarmist and highly unlikely this was intentional.

The armchair wolves already smell blood and are assigning blame before a postmortem has even begun.