Being a "Security" toolkit, I was surprised not to see any type of file hashes, like sha256 and PGP signatures... How can I be reasonably sure that the files I download from this site have not been compromised? Is there some other way to verify these files?