I, too, would be much more comfortable if a PGP signature file of the latest Eraser installer was available online. Or at a minimum, a SHA1 or MD5 digest of the installer, hosted on a site other than SourceForge. This will greatly hinder a malicious attacker from replacing the Eraser...