Sorry, no offense on that, I do understand. I stand by my point, something I think many miss. The checksum of the image should be included on the image in order to maintain the integrity of the image. The checksum generated by a third party checks the download, not the image. Similar, not the same. You trust sourceforge, so do I, still not the same thing. The record on the image goes with it, and regardless on how we come about it, the check is available for as long, and in whatever form the image exist.
Maybe just my debian ways, but I'm used to the md5sum.txt on the image that is 8-90k and includes a file based summary, so you know specifically what files have any error. Moved, copied, a year later...the check is still valid. A script loop mounts the image, reads the file and uses the info to check EVERY file, and the whole. I was thinking this process, and not a generic download integrity check.