To be honest, I didn’t verify the signature when I installed it. The download is over TLS (HTTPS) so you know you have a secure connection with the F-Droid server during the download. But because of the tiny chance the F-Droid website was hacked at the time you download it, you should verify the signature.
Tor introduced native DDoS protection for onion services using a transparent Proof-of-Work defense over a year ago: https://blog.torproject.org/introducing-proof-of-work-defense-for-onion-services/
You should strongly consider making the switch and turning on this feature. I was very surprised to find that this instance was being Cloudflare blocked. Maybe we could help with funding if needed.
Yes. I think what I wanted to say is you can set up Tor PoW for an onion in addition to currently using Cloudflare for clearnet, but sounds like that will be part of the server migration rather than happening now. Thanks for the response.