As long as one of those accounts is trojaning (or even just suspected of possibly having been trojaning once) it instantly poisons all the mirrors. Even if they are perfect netizens 99% of the time, that 1% makes all their other efforts useless.
Whoa what. Are you suggesting that suspicion of possibly maybe having put a trojan in someone else's files somewhere is grounds to make all one's efforts useless and poisons everything else you do?
Geeze, I guess we should stop using Google. They've been accused and suspected of much worse by a lot of people. I hope that's not what you meant.
Are you suggesting that suspicion of possibly maybe having put a trojan in someone else's files somewhere is grounds to make all one's efforts useless and poisons everything else you do?
Short answer: Yes.
Downloading and running arbitrary binaries from the web is inherently a quite dangerous thing to do, and I only feel comfortable taking such a risk with sites I trust. I no longer trust SourceForge and there is very little they can promise me to make me start wanting to download from them again.
Well, I don't agree¹ with your method of evaluating trustworthiness (which seems to me rather too quantized and "chastity"-minded), but at least you know exactly what you're doing and who you're trusting.
[1] Read as "I believe it's sub-optimal for a given cost-benefit formula, after some assumptions about certain variables and certain opportunity costs, and other methods would likely be more useful in context."