> cannot guarantee that a MITM attacker doesn't silently replace the download
I was saying that this download is inside a package, so its signature is checked by RPM with the Fedora 17 signature - or the Fedora 16 signature if you are currently running F16 and have downloaded the F16 upgrade package.
If the problem is that you currently have an insecure/compromised Fedora 17 and you want to upgrade to a secured Fedora 18, then there is a problem: the updater cannot use anything of the running system.
But that is not a new problem: if you have a compromised system, you have to wipe it clean and install from fresh.
It is true that encrypting the updater with the F18 key is not really useful if you cannot trust the software to decrypt it (which is a Fedora 17 package).