I made this account just to reply to this comment. The email about the releases come from the release engineer and are signed. The signed email has the SHA256 of each file. It's just not as apparent when looking at the archived version of email. Also, nearly every subdomain and page on the FreeBSD website cluster has HTTPS available.
I may look like a jerk for complaining, but I'm sad that the default options for downloading FreeBSD are not secure and not technically optimal. (The email are signed with the sha256 sigs, but the archives are not accessible in https _by default), yet I understand they may have other priorities.
Other than that, I applaud FreeBSD's efforts in Libre software at large.
