This is generally taken care of using checksums, assuming you trust the source. Of course, trusting the source is the hard part. CyanogenMod, for example, has a chain of trust for their releases; though they host their own binaries.
It is too bad that these went down, but yech, sharing binaries or even entire OS images made of open source code... what if you want to change one configuration option or line of code while keeping whatever special modifications were made? What if you want to combine the changes in X fancy ROM with Y? (Never mind that the kernel is GPL.)
I'm not an Android user myself, but I will nevertheless suggest that optimally these things would be distributed as source on GitHub, with a deterministic build system guaranteed to be able to reproduce binaries in the future, and only secondarily as binaries.
I build them on AWS now, mainly since it takes me 5hrs to download the source compared to a few minutes on AWS. Anybody who knows of a better cloud building service? I consistently fail to estimate instance costs.
I am, and it doesn't cost much at all just sometimes there's problems with builds you have to manually track down I'd rather pay a flat monthly fee somewhere and get x amount of builds/bandwidth if possible. Build time is around 14mins only + the few minutes to repo source + few seconds to run my script that yoinks the junk from Android and the kernel.
