Checksum and GPG signature (Nov 1, 2012)
Checksum (SHA1, 160-bit) is now displayed for source packages and some binary packages on download page. GPG signature is available for each stable release (the two source packages). You can find instructions to verify packages on download page.
This should help you to verify that downloaded packages have not be corrupted in any way.