1- Don’t delete the signature, it is a very good start and You did everything correctly to that point.
2- You are wrong: installers are valuable targets for hackers as seen with the popular tool cleaner from Piriform. Somehow malicious code was placed into the installer placed on their web site.
3- No extra task with every new RT-Version. Just once You have to provide the fingerprint of Your key onto a different web site and link this (or give a hint to find it). Another option is, to create an account on keybase.io and place public key and fingerprint there. It is not sufficient to gain the maximum trust level, but enough that the verification process can be fulfilled satisfactory.
I encourage you to take the last step and make the world safer.
In the e-mail that You received from me, You can see how I managed it. And in case You answer encrypted Your key is proved to me and mine is proved to You.
BTW RT is great!!