You could always get the zip file, delete the binaries in there, fetch the source of the engine elsewhere and compile yourself.
This assumes that content such as QVM files do no harm. There can always be bugs with ioq3's vm interpreter, x86 compiler, libpng, libvorbis etc.
The source code of OA is signed in neither SVN nor Git, and is as such equally untrusted.
I understand paranoia and unfortunately I can't commit myself to vexing issues about it... though if it's about an MD5sum being manipulated, maybe a PNG image of the MD5sum could also work. You can also crosscheck this md5sum with some of the mirrors that also provide the same zip file.
A targeted attack on the openarena.ws website could just as easily replace any images (you'll want TLS, DNSSEC and whatnot).
md5 is broken.
You cannot rely on mirrors if the primary file on openarena.ws is poisoned, or the mirrors might just be targeted as well.
Also, signing is expensive, and since this project is primarily a data project for the content rather than the code, and you can't sign a QVM file... it doesn't hold a lot of concern for my more critical art priorities. Don't think there should be much 'tampering' with pk3s though, since to play online, checksum protection is required for clients to connect.
Signing with PGP/GPG does not require a certificate which is backed by some trusted CA, as it works via the web of trust.
There's no need to sign individual files, you could either sign their enclosing .pk3 or just the whole oa.zip.
The pure pak CRC is trivial to fool, just look at Debian's ioq3 fork using shared libraries.
May I suggest posting somewhat secure checksums such as sha256 on some known website (e.g. OA's GitHub wiki via https)?
This does not require getting familiar with PGP and provides some level of trust while being just an additional command to the usual md5sum.
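As an added example (not posted by anyone in this thread), here is the verification step that suggestion implies on the downloader's side: compare the archive against a SHA256SUMS file fetched separately over HTTPS, and fail closed when the entry is missing or the hash differs. It assumes GNU coreutils `sha256sum`; the file names are constructed stand-ins for oa.zip.

```shell
#!/bin/sh
# Verify one downloaded archive against a published SHA-256 checksum file.
# Returns 0 on match, 1 on mismatch, missing file or missing entry.
# (Equivalent to running `sha256sum -c SHA256SUMS` in the download directory,
# but restricted to the one file we care about.)
verify_archive() {
    archive="$1"; sums="$2"
    [ -f "$archive" ] || { echo "missing file: $archive" >&2; return 1; }
    name=$(basename "$archive")
    # Match only this archive's line; sha256sum writes "hash  name" or "hash *name".
    expected=$(awk -v f="$name" '$2 == f || $2 == ("*" f) { print $1; exit }' "$sums")
    [ -n "$expected" ] || { echo "no checksum entry for $name" >&2; return 1; }
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Self-contained demo: publisher side generates SHA256SUMS, downloader side
# verifies the intact archive and rejects a modified copy. Returns 0 if both
# outcomes are as expected.
demo() {
    dir=$(mktemp -d)
    printf 'constructed stand-in for oa.zip\n' > "$dir/oa.zip"
    # Publisher: this file is what would be posted on the wiki over HTTPS.
    (cd "$dir" && sha256sum oa.zip > SHA256SUMS)
    verify_archive "$dir/oa.zip" "$dir/SHA256SUMS" || return 1
    # Downloader received a modified archive (one appended byte is enough).
    printf 'x' >> "$dir/oa.zip"
    if verify_archive "$dir/oa.zip" "$dir/SHA256SUMS"; then return 1; fi
    rm -rf "$dir"
    return 0
}
```

The checksum file only helps if it is obtained from a channel the attacker of the download mirror does not also control; with plain MD5 on the same server it adds nothing.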