"> Apart from compromised servers, as others have mentioned, many sites mirror software on untrusted sites, making use of crypographic checksums to check authenticity.And how does that relate to this article? It's nothing to do with the server serving a file with the wrong content."
It doesn't relate to the article. It relates to this post I was replying to:
"Somebody used scp to securely copy something that he had no way of verifying from a server he didn't trust, and he was surprised by the results?"
To reitterate: it's accepted practice to download from a "server he didn't trust" when there are cryptographic hashes available from a trusted source.
... Not sure how your repeated explanation changes this.
Biting the hand that feeds IT
