I understood you perfectly well. My answer stands, same as above.
I’m puzzled about why you think I’m not understanding you. I believe I’m giving very clear and direct answers to your questions, yet there’s clearly some kind of gap in communication here. Perhaps it will help if I recap the discussion thus far, beginning with the context in which the DVD was brought up in the first place:
In other words, the DVD is supposed to serve as a secure root of trust for users. Rather than having to use the web of trust or learn the genuine QMSK fingerprint on their own, download keys and signature files, then using GnuPG or a similar tool to verify signatures, users would instead be able to get a DVD that contains everything they need to authenticate Qubes files, including ISOs.
That’s the theory. However, as I explained above, it is unlikely to work in practice. An attacker could replace the DVD while it is in transit or replace files at the facility where the DVDs are burned, or countless other things. A professional-looking Qubes logo printed on a DVD provides zero security. Anyone can do that.
Therefore, we would not be able to automatically trust that some DVD with a Qubes logo printed on it that came from some other part of the world is genuine. So, we’ll have to authenticate the DVD when we receive it. But notice now that we have simply pushed the original problem back by one step. Our original problem is that we had to authenticate the Qubes ISO. The proposed solution was to ship a DVD containing everything needed to authenticate the ISO. (Alternatively, it could simply be the desired Qubes ISO burned onto a DVD.) But now we have to authenticate the DVD. We have not solved the original problem. We have simply relocated it.
Now, it is certainly possible to authenticate the DVD (using essentially the same means as we would use to authenticate the ISO), but it is a pointless extra step. In that case, we might as well cut out the middle man and directly authenticate the ISO, which was our goal in the first place.
In the abstract, downloading an ISO over the internet and receiving a DVD in the mail are both means of receiving data through an untrusted infrastructure. Therefore, it should not be surprising that the same general security properties apply to both.