From Mike Andrew
A favorite trick of trade for hack attacks used to be altering original source code to suit the purpose. The user would download the latest version of my_favorite_app, and be unaware that my_favorite_app had 'undocumented features'.
To counteract this many suppliers of source (be it binary, true source, tarball, or rpm) apply a checksum to the finished package(s) and provide that checksum in a text file for your use.
Verifying that what you download, is what the author intended, is exceptionally easy.
md5sum -c textfile
The result will be 'ok' or not ok, there are no areas in between.
The actual steps to achieve the above command line are
1) cd to the folder you downloaded the file(s) to
2) this folder must also contain the ftp'd <textfile> it is often called simply enough md5sum.txt