As it is not a rpm package, with an embedded GPG-signature, what is the GPG-signed checksum of that deb-package so we won't be MITM-attack vulnerable?