This is someone spreading FUD. I notice not a single other package is flagged in RED.
1) Our Debian distribution is signed. see: https://launchpad.net/~csoler-users/+archive/retroshare
2) A complete history of our source changes are available at sourceforge.net
3) Our stable Win/OSX releases have SHA512 Hashes Publicly available.
We welcome a public audit of Retroshare... and will patch any issues as quickly as possible.
I would appreciate if someone would fix this.
I don't quite know if the Retroshare "channels" would be something that could help you.
I do however know that git annex might be worth a look if Retroshare doesn't work out for you.
Here's a video about that