Slicer / slicer.org

This site is published at slicer.org.
https://slicer.org

Download include tabs with checksums and package naming convention #188

Closed jcfr closed 1 year ago

slicerbot commented 1 year ago

download.slicer.org preview

:warning: The download preview is a static website generated using mock data [^1], is temporary and may be updated at any time [^2].

- Screenshot from https://deploy-download-preview--slicer-org.netlify.app/download_release_and_nightly.html
- Screenshot from https://deploy-download-preview--slicer-org.netlify.app/download_only_release.html
- Screenshot from https://deploy-download-preview--slicer-org.netlify.app/download_only_nightly.html

[^1]: See front matter variable download_mock associated with https://raw.githubusercontent.com/Slicer/slicer.org/main/download.markdown

[^2]: Due to a limitation of Netlify preventing us from having multiple deploy previews associated with a single pull request and the impossibility of using a repository secret in a workflow associated with a pull request originating from forks, the deploy-download-preview site is only updated for pull requests originating from this repository and will be overridden after another pull request is pushed or updated.

lassoan commented 1 year ago

For me "For security reasons, it is recommended that you verify the integrity of your downloaded Slicer package" sounds like we have some known vulnerabilities of the download server. If the Slicer download page is not less safe than other software download pages, then I think we should show this information as prominently as it is done on other websites.

For example, users are not pressured to verify checksums on the download sites of even the most security-critical applications:

We should soften the language (make it clear that checksum verification is a good practice in general, and not specific to Slicer) and not show the text by default (make the section collapsed until the user clicks on the tab, or maybe add some more tabs and show a different tab by default; for example, we could add an explanation of different dates - date in the package name, commit date, date that shows up in the table - and make this tab shown by default).

jcfr commented 1 year ago

Thanks for the feedback, I will revisit the wording now.

jcfr commented 1 year ago

> soften the language (make it clear that checksum verification is a good practice in general, and not specific to Slicer)

The wording has been updated in the following pull-request