Subject: Re: Heads up: suspicious source distribution of OpenSSH 3.4p1
To: None <tech-security@netbsd.org>
From: None <sen_ml@eccosys.com>
List: tech-security
Date: 08/02/2002 07:40:00
Hi,

A bit off the main topic here, but I was wondering if there is some
kind of third-party auditing/verification of files that live on
mirrors.  At first glance, it seems possible to do this kind of thing
in a semi-automated sort of way (and hopefully w/o taxing existing
infrastructure too much).

I guess you wouldn't really want to do the downloading from a single
location -- that is, it seems better if multiple parties did the
downloading and exchanged and compared their verification results
(e.g. time, digest, etc.).  I imagine you wouldn't want each
downloading party to download everything, but things could be arranged
so that there is appropriate overlap.

Any thoughts?
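The scheme sketched above (several parties each fetch an overlapping share of the mirrored files, record digests, then pool and compare the results) can be written down concretely. The following is an added example, not code from the poster or from the NetBSD project; the mirrors are in-memory dicts standing in for FTP/HTTP sites, the file contents are placeholder bytes rather than real OpenSSH tarballs, and the names `assign`, `run_party`, `compare` and `verify` are assumptions. It flags two things: a mirror whose copy disagrees with the majority of mirrors, and a mirror that handed different bytes to different parties.

```python
"""Distributed mirror verification with overlapping downloads.

Constructed for illustration: MIRRORS is an in-memory stand-in for real
mirror sites, and the file bodies are short placeholder byte strings.
"""
import hashlib
from collections import defaultdict

GOOD_TARBALL = b"openssh-3.4p1 source archive (placeholder bytes)"
SIG = b"sig-bytes (placeholder)"

# Constructed mirrors: name -> {path: bytes}.  mirror-c serves a modified
# tarball, standing in for a tampered distribution on one mirror.
MIRRORS = {
    "mirror-a": {"openssh-3.4p1.tar.gz": GOOD_TARBALL, "openssh-3.4p1.tar.gz.sig": SIG},
    "mirror-b": {"openssh-3.4p1.tar.gz": GOOD_TARBALL, "openssh-3.4p1.tar.gz.sig": SIG},
    "mirror-c": {"openssh-3.4p1.tar.gz": GOOD_TARBALL + b"\n# injected", "openssh-3.4p1.tar.gz.sig": SIG},
}


def list_items(mirrors):
    """Every (mirror, path) pair that needs checking, in a stable order."""
    return sorted((m, p) for m, files in mirrors.items() for p in files)


def assign(items, n_parties, overlap):
    """Spread items over n_parties so each item is fetched by `overlap`
    distinct parties and no single party fetches everything.
    Item j goes to parties j, j+1, ..., j+overlap-1 (mod n_parties)."""
    if overlap > n_parties:
        raise ValueError("overlap cannot exceed the number of parties")
    plan = defaultdict(list)
    for j, item in enumerate(items):
        for t in range(overlap):
            plan[(j + t) % n_parties].append(item)
    return dict(plan)


def check_plan(plan, items, overlap):
    """True if every item is covered by exactly `overlap` parties."""
    return all(sum(item in share for share in plan.values()) == overlap for item in items)


def run_party(party_id, items, fetch_fn):
    """One verifier's run: fetch its share and record (party, mirror, path, sha256)."""
    return [(party_id, mirror, path, hashlib.sha256(fetch_fn(mirror, path)).hexdigest())
            for mirror, path in items]


def compare(reports):
    """Pool all parties' reports and return sorted findings:
      ('inconsistent-mirror', mirror, path): different parties got different
          bytes from the same mirror for the same path;
      ('outlier-mirror', mirror, path): a (consistent) mirror's digest differs
          from the majority digest for that path across mirrors."""
    seen = defaultdict(set)                       # (mirror, path) -> {digests}
    for _party, mirror, path, digest in reports:
        seen[(mirror, path)].add(digest)

    findings = []
    consistent = {}                               # (mirror, path) -> digest
    for (mirror, path), digests in seen.items():
        if len(digests) > 1:
            findings.append(("inconsistent-mirror", mirror, path))
        else:
            consistent[(mirror, path)] = next(iter(digests))

    # Majority vote per path over the mirrors that were at least self-consistent.
    by_path = defaultdict(list)
    for (mirror, path), digest in consistent.items():
        by_path[path].append((mirror, digest))
    for path, pairs in by_path.items():
        counts = defaultdict(int)
        for _mirror, digest in pairs:
            counts[digest] += 1
        majority = max(counts, key=counts.get)    # ties resolve arbitrarily
        for mirror, digest in pairs:
            if digest != majority:
                findings.append(("outlier-mirror", mirror, path))
    return sorted(findings)


def verify(mirrors, n_parties, overlap):
    """Plan the downloads, run every party, and compare the pooled reports."""
    items = list_items(mirrors)
    plan = assign(items, n_parties, overlap)
    # A real deployment would fetch over the network (e.g. urllib/ftplib);
    # here the fetch just reads the constructed in-memory mirror.
    fetch_fn = lambda mirror, path: mirrors[mirror][path]
    reports = []
    for party_id, share in plan.items():
        reports.extend(run_party(party_id, share, fetch_fn))
    return compare(reports)


if __name__ == "__main__":
    for finding in verify(MIRRORS, n_parties=3, overlap=2):
        print(*finding)
```

Two caveats worth keeping in mind with this approach. A majority vote across mirrors only shows that the mirrors agree with each other: if the master copy they sync from is replaced, every mirror that syncs during that window agrees on the bad file and nothing here fires, so the pooled digests still need to be checked against a digest or signature published out of band. And with only two mirrors (or a tie) the vote cannot say which side is wrong, which is why the example reports the disagreement rather than trying to name a culprit.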