Since you often read about script kiddies, and them being put down by the security community at large, it is refreshing at times to actually have the whitehats compliment the blackhats. http://theregister.co.uk/content/55/27554.html
The sendmail trojan was a slick compromise. It suprises me that those creating, downloading or mirroring software sites do not use md5 checksums and pgp (gpg) signatures more religiously to guard against these problems. It could be a fun project to layer on top of a mirroring software this capability.
Anyone reading this use Unix-based mirroring software? wget, perl script?