You should realize that people who systematically manually verify the hash of the files they download represent an infinitesimal proportion of all internet users.
It may not be in your threat model, but it is to some Internet users. Have a look at this report for example: https://www.welivesecurity.com...
The fact that other threat vectors are more likely to impact users does not mean that rarer cases should be ignored - they are not mutually exclusive.
Slashdot Mirror
You should realize that people who systematically manually verify the hash of the files they download represent an infinitesimal proportion of all internet users.
It may not be in your threat model, but it is to some Internet users. Have a look at this report for example: https://www.welivesecurity.com... The fact that other threat vectors are more likely to impact users does not mean that rarer cases should be ignored - they are not mutually exclusive.