Pgp

Releases are signed using [PGP]. Checking the signature is a good practice for testing the origin and the integrity of the download. To check the signature requires the public key of the signer]. If you're even more paranoid and think that server might get hacked (smart person!) check the Primary key fingerprint: ( 4C2C 85E7 05DC 7308 3399 0C38 A937 6139 A524 C53E )

But well, this is a wiki and the public can edit such pages...the PGP way to decide which key to trust would be for the owner of the key to get it signed by some other well-trusted keys. (Suggestion to Igor)