Should file hashes be published alongside installers? #912
leftdisconnected started this conversation in General
Replies: 0 comments
Though hashes are no substitute for file signing and do not imply authenticity, publishing the SHA256 hashes for each installer in the GitHub archives would allow potential users to identify each file and look up the VirusTotal results for each download without first downloading the files and hashing them locally.
The hashes could be displayed on the website if desired, but a SHA256sum file in the assets for each release would seem easiest and would require no website changes; most website visitors likely won't use the hashes anyway. Hashes for all assets in a release could likely be included in a single workflow as one can combine "sha256sum" with a "find" command or something to include all files in the current folder.
It's perfectly fine to ignore this if it seems like a waste of time, but I find hash identifiers useful for multiple reasons. For example, the primary downloads from the Supermium home page have static naming (today a minor miracle); checking the hash may allow some users to confirm that a prior download is still the latest release.
Thank you for your time, even if this suggestion is not useful.
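The workflow step the post sketches (combine `sha256sum` with `find` to cover every asset in the release folder) and the two consumer-side checks it motivates (does my download match the published list, and is my older download still the current release) can be written as a handful of POSIX shell functions. The following is an added example for this discussion, not code from the Supermium project or from the author; it assumes GNU coreutils (`sha256sum -c --quiet`), a flat directory of release assets, and the function names shown, all of which are constructed for illustration.

```shell
#!/bin/sh
# Constructed example: produce a SHA256SUMS file for every asset in a release
# directory, then check individual downloads against it.
# Assumes GNU coreutils sha256sum; file names are assumed to contain no spaces.

# Write one "<hash>  <filename>" line per regular file in directory $1 into
# $1/SHA256SUMS. The list is sorted with a fixed locale so re-running the step
# on the same assets yields a byte-identical file, and the checksum file itself
# is excluded so it never lists a stale hash of its previous version.
make_sha256sums() {
    (
        cd "$1" || exit 1
        rm -f SHA256SUMS
        find . -maxdepth 1 -type f ! -name SHA256SUMS -print \
            | sed 's|^\./||' \
            | LC_ALL=C sort \
            | while IFS= read -r f; do sha256sum "$f"; done > SHA256SUMS
    )
}

# Verify asset $2 inside directory $1 against the SHA256SUMS line for it.
# Exit status 0 on match; 1 if the hash differs, the file is missing, or the
# asset is not listed at all (an unlisted name must not count as verified).
verify_asset() {
    (
        cd "$1" || exit 1
        awk -v n="$2" '$2 == n' SHA256SUMS \
            | sha256sum -c --quiet - >/dev/null 2>&1
    )
}

# Print the published hash for asset $2 from $1/SHA256SUMS (empty if unlisted).
published_hash() {
    awk -v n="$2" '$2 == n { print $1 }' "$1/SHA256SUMS"
}

# Print the SHA-256 of a local file, for comparing a prior download against
# the currently published list without re-downloading the installer.
local_hash() {
    sha256sum "$1" | awk '{ print $1 }'
}

# Convenience check for the "is my old download still current?" case:
# exit 0 when the local file's hash equals the published one for that name.
is_current_download() {
    # $1 = local file, $2 = release directory holding SHA256SUMS, $3 = asset name
    [ -n "$(published_hash "$2" "$3")" ] \
        && [ "$(local_hash "$1")" = "$(published_hash "$2" "$3")" ]
}
```

In a release workflow the `make_sha256sums` step would run once over the staged assets before they are uploaded, so the checksum file ships as just another asset. On the consumer side, `verify_asset` deliberately fails on an unlisted name rather than treating "no entry" as success; a published list only helps if a missing or renamed entry is reported as a mismatch.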