I think it would be nice if you guys published a public key so we could verify that the package we are downloading is the real package. It only causes one error message in Linux however it would be nice to be there in the future when you start using more mirrors and helps protect in the event the fileserver gets hacked.