I was just in the process of updating a little project of mine, and had decided on an extra
bit of security for the published hashes, when I took a break and read lwn.
What I'll do with my project is to run a daily script comparing the remote pages (the ones
containing hashes) with the local copies. Should a "diff" happen, all hell will break loose
here and the remote tarballs pulled asap.