means u trust information in a public non peer reviewed forum when it comes to authenticity of a file ? - i hope u dont end up in a "bad forum" one day, could be surprising ..
Well... If your files are malicious in the first place then we are all screwed anyways.
So I guess the question is if I have trust in the security of this forum, and the answer is of course no (the session cookies are all transferred over http, not https, to start with). But I guess this is as good as it gets..
If you'd post checksums here it would be as secure or insecure as if you'd posted the file itself here. Which is, I expect, all I can ask for.
Besides the security concerns, checksums would also provide an easy unique way of referring to a version of a file.
That all being said: If it's all the same for you I'd prefer checksums, and cryptographic signatures, and ..., otherwise I would prefer if you'd spend your time on awesome hacks rather than creating a cryptographically secure distribution chain.
Thanks for all the amazing work!