Use gpg to verify that the release archive has not been altered.

For example:
gpg --verify patroneo-1.4.1.tar.gz.sig patroneo-1.4.1.tar.gz