All the distribution RPMs are signed, so they can be verified. The MD5SUMs file is signed and can be verified (so CD images can be checked for "authenticity"), but remastering into a DVD is becoming more common. Unless there is an "official" FC DVD image (and as a mirror, I'm not looking forward to that from a disk space perspective), it would be nice if Red Hat/the Fedora Project would come up with a way of signing the non-RPM binaries used in installation (or signing an MD5SUM type file, maybe with a verification script provided). I think the important files are everything under the Fedora/base and the kernel and initrd files under the images directory. Just kind of "thinking out loud" as I was burning my own DVD of FC2t1; I know people that'd like a copy of FC2 release on DVD, but how can they verify that I didn't tamper with it? I could mess with the installer so that it didn't install exactly the RPMs on the disk. Maybe I'm just paranoid. :-)
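The kind of verification script the report asks for could look like the following. This is an added example, not part of the original report and not Fedora's tooling; it uses SHA-256 rather than MD5, and the manifest name `SHA256SUMS`, the function names and the sample file names are assumptions.

```shell
#!/bin/sh
# Added example. Check the manifest's signature before trusting it, e.g.:
#   gpg --verify SHA256SUMS.asc SHA256SUMS
MANIFEST=SHA256SUMS   # hypothetical manifest name, stored at the tree root

# make_manifest ROOT DIR...: what the image publisher runs before signing.
make_manifest() (
    root=$1; shift
    cd "$root" && find "$@" -type f -exec sha256sum {} + > "$MANIFEST"
)

# verify_tree ROOT DIR...: returns 0 only if every listed file matches and
# no file exists under DIR... that the manifest does not list.
verify_tree() (
    root=$1; shift
    cd "$root" || exit 2
    status=0
    # Changed or missing files make sha256sum exit non-zero.
    sha256sum --check --quiet --strict "$MANIFEST" >&2 || status=1
    tmp=$(mktemp -d) || exit 2
    # Paths named in the manifest ("<hash>  <path>" or "<hash> *<path>").
    sed 's/^[0-9a-f]\{64\} [ *]//' "$MANIFEST" | LC_ALL=C sort > "$tmp/listed"
    find "$@" -type f | LC_ALL=C sort > "$tmp/actual"
    # Files on disk but absent from the manifest (added after signing).
    extra=$(LC_ALL=C comm -13 "$tmp/listed" "$tmp/actual")
    rm -rf "$tmp"
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra" | sed 's/^/UNLISTED: /' >&2
        status=1
    fi
    exit "$status"
)

# Constructed sample tree standing in for a remastered DVD's contents.
sample_tree() {
    d=$(mktemp -d) && mkdir -p "$d/Fedora/base" "$d/images" &&
    echo stage2 > "$d/Fedora/base/stage2.img" &&
    echo kernel > "$d/images/vmlinuz" &&
    echo initrd > "$d/images/initrd.img" && echo "$d"
}

t=$(sample_tree); make_manifest "$t" Fedora/base images
verify_tree "$t" Fedora/base images && echo "clean tree: OK"
echo tampered >> "$t/images/initrd.img"
verify_tree "$t" Fedora/base images || echo "modified initrd: detected"
rm -rf "$t"
```

The directory arguments must be written the same way when the manifest is created and when it is verified, since paths are compared as strings.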
Well, there are official FC DVD ISO images now, for what that's worth...
Closing bugs on older, no longer supported, releases. Apologies for any lack of response. With official DVD releases and signed MD5SUMS of those, further changes aren't planned.