Right, if you're already in the WOT then there are better ways, but then you're probably familiar enough with GPG that you don't need any help. :-)
Most distributions have signed checksum files, but also post those checksums in a HTTPS location. I, and I suspect most people, just check against that and call it good. AFAIK Debian don't have that, and between using GPG or thinking "F* it, I'll take my chances", I suspect many would choose the latter. I was trying to give people who's security conscious but not paranoid^W^Wlazy an option.
Most distributions have signed checksum files, but also post those checksums in a HTTPS location. I, and I suspect most people, just check against that and call it good. AFAIK Debian don't have that, and between using GPG or thinking "F* it, I'll take my chances", I suspect many would choose the latter. I was trying to give people who's security conscious but not paranoid^W^Wlazy an option.