I don't think I have to explain why software may not be downloaded securely. Is there any provision for verifying 5R3 downloads with a gpg signature? Or at least a secure hash like SHA256 or 512? Any MD5 hash can be spoofed in minutes. I am particularly interested in the 64 bit GNOME ISO.