For what it's worth, here are the SHA256 checksums I have. If yours
do not match, then one of us is almost certainly in trouble.

I think the reason people are not convinced that TLS is enough is due
to the number of CAs which have been found to be compromised (e.g.
Comodo), as well as things like this:

The idea with publishing the hashes is that the hash would be
published on one server, and the binary would be published on another.
The servers should be controlled by different people. Somewhere this
was lost along the way and people started publishing the hashes right
next to the binaries. While it makes them easier to find, it defeats
the purpose, as Fernando pointed out.

Having a public key embedded into the software which takes care of the
verification on update would work if there is an automated update
mechanism to check and download the updates. If properly implemented,
that solves the problem once you have a copy of the software, but what
about the first time you downloaded the program?

Publishing a public RSA key could help, but we're back to the root of
trust problem. How do you know that key is actually the author's? If
you assume that TLS is not perfect, then the public key could have been
swapped out, just as a hash could.

Personally, I like the idea of having a hash and a signature for
releases which are downloaded over HTTPS. There's RSA for the people
who are paranoid (and it's up to them to make sure that the public key
actually belongs to someone who is trustworthy). There's a hash for
casual checking, and there's TLS for the people that are either
unwilling or unable to check the hash.

In general, it would be interesting to see independent parties sign
releases. For example, a security expert could review the code and
sign it saying that the source matches the binary, or that they went
through the source code and didn't find any (major) issues. A
performance person could sign off on it saying that it is written in a
reasonably efficient manner. Then users could decide that they trust
anything that Joe the security guy has reviewed and signed, and set a
theoretical policy which would only allow installing packages which
are signed by someone that particular user feels comfortable with.

We're a long way off from that. Also, just to be clear, this idea of
having independent reviewers and allowing users to decide who they do or
don't trust is not new. It dates back to at least 1992 with
Zimmermann, possibly earlier. Maybe in another 20 years we'll have
something like that...
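
The point above about keeping the hash on a server run by someone other than whoever hosts the binary, as an added example that is not part of the original post: a checker that ignores digests published by the binary's own operator and accepts a download only when an independent source confirms it. The host names, the operator map and the file contents are constructed assumptions, and a different operator name only approximates "controlled by different people".

```python
import hashlib
import hmac
from urllib.parse import urlsplit


def operator_of(url, operators):
    """Map a URL to whoever runs its host; unknown hosts count as their own operator."""
    host = urlsplit(url).hostname
    return operators.get(host, host)


def check_release(binary_url, data, published, operators, required=1):
    """Check `data` against digests in `published` ({url: sha256 hex}).

    Digests served by the same operator as the binary are ignored: whoever
    can swap the binary there can swap the hash next to it too.
    """
    actual = hashlib.sha256(data).hexdigest()
    binary_op = operator_of(binary_url, operators)
    confirming, ignored, mismatched = set(), [], []
    for url, digest in published.items():
        op = operator_of(url, operators)
        if op == binary_op:
            ignored.append(url)
        elif hmac.compare_digest(actual, digest.strip().lower()):
            confirming.add(op)
        else:
            mismatched.append(url)
    ok = not mismatched and len(confirming) >= required
    return {"ok": ok, "confirming": sorted(confirming),
            "ignored": ignored, "mismatched": mismatched}


# Constructed sample data: hosts, operators and file contents are made up.
OPERATORS = {"downloads.example.org": "alice", "www.example.org": "alice",
             "hashes.example.net": "bob"}
BINARY_URL = "https://downloads.example.org/tool-1.0.tar.gz"
GENUINE = b"tool-1.0 release contents (constructed)"
TAMPERED = GENUINE + b" plus an unauthorised change"


def digest(data):
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    # Download server altered: binary and the hash beside it both changed.
    published = {"https://www.example.org/tool-1.0.sha256": digest(TAMPERED),
                 "https://hashes.example.net/tool-1.0.sha256": digest(GENUINE)}
    print(check_release(BINARY_URL, TAMPERED, published, OPERATORS))
```

With only the hash that sits next to the binary, the result is never `ok`, because nothing independent has confirmed the download.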