The idea here is to use multiple alternative channels for distributing the checksums (newsgroups, mailing lists, telephone support lines, fax-back service, e-mail, etc.), in addition to the ftp sites. Also, since you guys use (relatively untrusted) mirror sites, you can distribute the checksums on your official sites, so that people can verify them from you directly, even if it's more practical for their main download to be from a "local" mirror.

I've been thinking about this recently for obvious reasons. My concern is that if someone can attack your download of netscape, they could also attack your download of the program that validates netscape. Is there really any way out of this one?

--Jeff