Sourceforge has md5 and sha1 hash values listed. So far, I have not seen those at the other download locations. Are PGP signatures (.sign files) the recommended way? I would like to see md5, sha1, or other hash values listed as well the PGP signatures at the other download locations. Thank you.