One critique I rarely find mitigated is that the hash is stored alongside the binary. So if the attacked can swap out the binary, the hash is right there (vs somewhere more protected). Also hash verification vs checking a pgp --verify is depending on wot. I would love to see nostr signatures here and nostr wot integrated into pgp.