You're wary of running unverified binaries but you're OK when they're verified by a checksum downloaded over unencrypted HTTP?

Thanks, I was so focused on finding the files that I forgot.

The criticism is the same: You're worried about running binaries from a particular source, but will accept the signatures from the same source?

Yes, when I don't have any out of band method for obtaining the key.

Also, the sources aren't the same, the binary is downloaded from a mirror / CDN while the links I posted are from the main FTP server.

edit: grammar corrections