Anyway we can get this done ASAP? It shouldn't take long to sign a file & post the signature.
I have a good deal of funds to secure, and simply can't risk a spoofing attack.
In the mean time, downloading through tor, your normal connection and for extra paranoid points from a server you have access to online, and then comparing the checksums of all the downloads, should be good proof that you were not the victim of such an attack.
We gotta keep it in perspective, this type of attack is highly unlikely, but when it comes down to it, I dont' think highly unlikely is enough guarantee; the downloads really should be signed. I believe most of us out there installing software in servers wouldn't be satisfied if the packages we're installing are not cryptographically signed to guarantee they were not tampered with in transit, and for crypto wallet software where users will potentially store nontrivial amounts of money, it is just as important, if not even more, to guarantee that the download really is what the user expects it to be.