I know things are checksummed and relatively secure, but for some reason it makes me a little nervous to use p2p technology to upgrade binaries on a live system. It is a really good idea if it can be done well.
Well, in defense of BT, it hashes everything and the good hashes of all the pieces are well known, so it shouldn't be too bad. I'm sure this can be done to work well and be of fairly high integrity.
I've been using this program to update my Debian Lenny system for the past month or so, without problems. The status page says that the total number of users in the distributed hash table is still pretty low, but it's probably because the software is relatively new. The program mentioned in the article, apt-p2p, doesn't actually use BitTorrent, although the author of apt-p2p, Cameron Dale (http://www.camrdale.org/), previously wrote a monolithic apt BitTorrent plugin called DebTorrent (http://debtorrent.alioth.debian.org/). As far as I can tell, with both programs apt performs checksumming as it normally does, though it checks using hashes from the Packages.gz file downloaded via the programs.
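The check described in the last comment, as an added example that is not part of the thread and is not apt's or apt-p2p's own code: a file fetched from an untrusted peer is accepted only if its size and SHA256 match the entry in the Packages index. It assumes the index itself has already been authenticated (for example against apt's signed Release file); the package name, path and payload are constructed sample data.

```python
import gzip
import hashlib
import hmac

def parse_packages(data: bytes) -> dict:
    """Parse Packages.gz bytes into {Filename: {field: value}}."""
    text = gzip.decompress(data).decode("utf-8")
    index = {}
    for stanza in text.split("\n\n"):
        fields, key = {}, None
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t") and key:   # continuation of previous field
                fields[key] += "\n" + line.strip()
            elif ":" in line:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        if "Filename" in fields:
            index[fields["Filename"]] = fields
    return index

def verify_download(index: dict, filename: str, blob: bytes) -> bool:
    """Accept peer-supplied bytes only if size and SHA256 match the index."""
    entry = index.get(filename)
    if entry is None or "SHA256" not in entry or "Size" not in entry:
        return False                  # fail closed: nothing to check against
    if len(blob) != int(entry["Size"]):
        return False                  # cheap rejection before hashing
    digest = hashlib.sha256(blob).hexdigest()
    return hmac.compare_digest(digest, entry["SHA256"].lower())

# Constructed sample data: a stand-in payload and a one-entry index.
SAMPLE_NAME = "pool/main/e/example-pkg/example-pkg_1.0-1_all.deb"
GOOD_DEB = b"constructed stand-in for a .deb payload"
SAMPLE_INDEX = gzip.compress((
    "Package: example-pkg\n"
    "Version: 1.0-1\n"
    "Description: constructed entry\n"
    " second line of the description\n"
    f"Filename: {SAMPLE_NAME}\n"
    f"Size: {len(GOOD_DEB)}\n"
    f"SHA256: {hashlib.sha256(GOOD_DEB).hexdigest()}\n"
).encode("utf-8"))

if __name__ == "__main__":
    idx = parse_packages(SAMPLE_INDEX)
    print("good copy accepted:", verify_download(idx, SAMPLE_NAME, GOOD_DEB))
    print("altered copy accepted:",
          verify_download(idx, SAMPLE_NAME, GOOD_DEB[:-1] + b"X"))
```

The integrity of the result rests entirely on the index: if Packages.gz were taken from a peer without being checked, a matching hash would prove nothing.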