Integrity of files downloaded from ProcessOne website can be verified with checksum information.
To validate your download:
shasum -c file.ext.sum
file.ext by the actual name of the downloaded file.
The code distributed by Process-one is signed. To check the signature, you first need to have GNUPG installed and configured on your system. Then, you can go through the following steps:
wget -qO - https://www.process-one.net/downloads/KEYS | gpg --import
file.ext.ascalong with your
gpg --verify file.tar.gz.asc