Downloading the signatures to validity, and many other steps (
11 steps ) which we must follow or It could be complicated if never used before.
the other thing is.
if your downloading core from that
one site.. but also downloading the signatures AND keys from that
one site. then you are already failing. because IF that
one site was compromised then all info on that
one site is compromised. so obviously the keys would match the file because the corrupter/malicious hacker tailered all info available on the site to match his edited node download file
its better to get the node software from a trusted source(the site) and TEST that trust by looking for the signatures from the
devs own servers/websites (decentralised sources) to make sure it all matches
OR save all that time by just grabbing the code from github and using a compiler that way you know what has been put into your node