A secondary method for authenticating updates would also be wise. When Moxie Marlinspike's null-prefix SSL bug landed, people with vulnerable versions of Firefox were somewhat screwed: Firefox used only SSL to ensure the authenticity and integrity of updates, but SSL was broken, so the update fixing SSL security couldn't be authenticated!
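A second, transport-independent check of the kind suggested above, as an added example (not code from the original text or from Firefox's updater): the client verifies an Ed25519 signature over an update manifest against a key pinned in the installed build, so acceptance never depends on TLS being intact. The manifest format, the function names and all sample data are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest describes one update (hypothetical format for this example).
type Manifest struct {
	Version string
	SHA256  [32]byte // digest of the update package
}

// signedBytes is the exact byte string the vendor signs.
func (m Manifest) signedBytes() []byte {
	return append([]byte("update-manifest-v1\x00"+m.Version+"\x00"), m.SHA256[:]...)
}

// VerifyUpdate ignores how the bytes arrived: it trusts only the key pinned in the client.
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, sig, pkg []byte) error {
	if len(pinned) != ed25519.PublicKeySize {
		return errors.New("bad pinned key")
	}
	if !ed25519.Verify(pinned, m.signedBytes(), sig) {
		return errors.New("manifest signature invalid")
	}
	if sha256.Sum256(pkg) != m.SHA256 {
		return errors.New("package digest mismatch")
	}
	return nil
}

// demo runs three constructed cases: genuine, signed by an unpinned key, package swapped.
func demo() (good, forged, swapped error) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader) // a key the client never pinned
	pkg, evil := []byte("constructed update 1.0.1"), []byte("constructed tampered update")
	m := Manifest{"1.0.1", sha256.Sum256(pkg)}
	em := Manifest{"1.0.1", sha256.Sum256(evil)}
	good = VerifyUpdate(vendorPub, m, ed25519.Sign(vendorPriv, m.signedBytes()), pkg)
	forged = VerifyUpdate(vendorPub, em, ed25519.Sign(otherPriv, em.signedBytes()), evil)
	swapped = VerifyUpdate(vendorPub, m, ed25519.Sign(vendorPriv, m.signedBytes()), evil)
	return
}

func main() { fmt.Println(demo()) }
```

Both rejected cases are ones where the bytes could have arrived over a connection the client believed was authenticated; the pinned key is what stops them.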