For the future I think it best if I sign distributed binary files with a pgp signature for added security.
I am publishing this key I created for the project here , on github and elsewhere.
If we (as a team) decide to adopt this process in the future you will know any binary I release is from me by checking the signature.
An ounce of precaution is worth a trainload of trouble
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2
mQGNBFXn6DsBDACfk1PGXC1j8G5zL/NHHDkPhj/JCnM97Rh10kuT4QUMfSxWkg3Y
7t3t2lTSQu13uGipQj+HXPFNOYP2dzVazBWYF/3zmetEydiaEzrXnGKEpm1fHlcE
fnrPxSFhgVvOIt/NhVFlm8dAyJhTFTbR1XUnNjKhS6OhpPVS5fl1YE53Ve5QHfjd
fGj4C+QPRaKstP7uNPgaiXgIuSYJC/LZWDTiSX0KpSiVKw7XzviR+aK91t7gY0j6
HLcRMKfoVxmwXq7mGilLo5TJUSkW4dc6CmMY66zJVr+lyZaROLKOo7dkNcRMmG5O
0st1G6rkwMXpqGB/WuhzTMAwMaS3Fa6M9Ea766PB52JkUIeidsjOl/GojkE0jZQP
wCQz3so0Z+KojgkgKABsFmFR60UOF8g9C7IN2YahHRA1PQq+vt5RvSF51CkD4qu0
sb1fZXgFd/a6Ra1b96mPh0Y/Xl3tArGt3DJh93ipwJGezFF9laGKo6NlnOTVcGVD
g8B3xdR5rR4sNlcAEQEAAbRoUGhvdG9uIFByb2plY3QgKG5vdCBhY3R1YWwgZSBt
YWlsIGFkZHJlc3Mgc2luY2UgZSBtYWlsIGlzIGFuIHVuc2VjdXJlIHByb3RvY29s
KSA8cGhvdG9ucHJvamVjdEBudWxsLmNvbT6JAbkEEwECACMFAlXn6DsCGwMHCwkI
BwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRAc7x7p7SQapSChDACd7lS5zltO/LhT
3IwgY9aFceA43sY13ofsi1mqEPb2PGLsY6184Fff6gEtQlr8JmvVKCr5g8m0EuZm
Gid34tzHyvO15nPMcctnBb7Xm/wcF0PFnFxZ072pbS5d3MaVZHef1pQtugo4Z4Yb
sPp9mTdk7bFKMy4SWrWDzh5W/W9pem9tktv5Du2x6fI78ajfNKO9Tz2KxLnj9PEM
II6k4FmzzZTFjpIzFAIbi2dOUeMoa4MwOx2pRKGJ8AbKWpa0mC4Ya8Ts8DfWDGaZ
TT8G6F5eq4vc5gCf8SeFv5ty4/bK3YkkF5vN/eu4rk17HE6LlxbLejYlEsHdkLAj
selWxtfi9f95FDzuCfMCnFIPxvULs3H8g5nlQbEYGsInXiFwxWtlBCkCQpOK8x5/
DtvZ80U4p9HA3/HZrAeh2npFBOn1Jncr30sig1xkgWx9AKqBS+wXTUI02rjgOgDp
GthHXOoEK/vOsas97KV5A90PLkP2xj1IEPIKKd6MwVtm2yfStfa5AY0EVefoOwEM
ALqmhCrDr4AM8IDGAAD9+fFpZGci8suzhrd1mJmA2Pen3+4T1SfXfqc5pVV573pU
jt8JCq3FGiSjE/Bafn5+tg5R6yIgxs0Mt+M4XlG9ECY3AxBMVdVE8SeT8+TEOHUY
UwyxRK6eP9NiKDWUwBLQ0hRwXe+2NVDbzPgtLUhO34IcvBml0S0f8EShzEZ24P7N
jUUw2vjk6EYcHMVSdVrOhZYolQclqIyfYmj+YcYumFEhz0eLBd8YmdieiKquXJuG
E1YHfheNXUkbAY6esmk4GIuLMkTgFZ5Ug03DHBcUik8No6muDPVcXACA4gqnF4II
TebYc7nazpVt3eC1EnWEuyElY96CBrrlJmB329Hz/yqZIBouOAc7ux77jKSCuKdp
5wNPkQTqa0mX84oek0ICkN8sMBRcn5FAjRoXMuxhSGZgDbTNJYfWfPpr32NGH9YP
wGEMC+ufIdIATJN6eW5ADPI38lt2fbgYkKxSBKHiYobCoh7lIg16VrRohJj1EiDv
sQARAQABiQGfBBgBAgAJBQJV5+g7AhsMAAoJEBzvHuntJBqlGEUL/3Vr4fnnb6il
w/ACFOrglFE2vd/qkQfBp69L+cEQTY5MTrYjyPnmo6jUMJsuFFfy4XL0j3nrVPYu
p1jOYXzwCF0SNfCIifl9Ug94nrWCL4I6hByBTTdavdDQdOd3GvjG43EDdFber6tY
SFh5ew3hxRAZVdqNn9EQruOTk7kZZLxWQ9CynuWzGMpIhc47oNUR1q5baAxby45O
uFCZdN3wqgR2lMRITo2D6QqNzAtmJd3VnBE220YR0DHl0ybu6Z/Q2ZPlUZZvuoeh
Cc014B+2Gyl4xBRwUbUrfsqnc1M8glmG6PgWPK5o9z2SB/73Cfsfh0rOpFNG8Z2c
KITwvstipqPI320xWWDau3BYH+PWluj4RE+LbfF/aIVlf3TbDzSOIQL3qoWBvjMm
r/S/JXpoQ36nhJOeMH69ZYrTcTORLdwEB3cdQCDkRVYv41ep6cxTFWszsGo1r6rP
mUMJwuyZrJt5aNln8ACMf9wyxUJoQuGrM0FKbHjO2xQf8Sq4MNnUew==
=Xhbo
-----END PGP PUBLIC KEY BLOCK-----
edit 1 - you can confim key signature was published here
http://http-keys.gnupg.net/ signature ED241AA5