Is it possible for you to release an MD5 or SHA with your released binaries so I can verify the packages?
Not sure about usefulness of this. When website is using third-party download locations, it makes sense to publish hash so users don’t have to trust third-party download site and still be sure they are downloading official release.
In our case we are hosting all binaries ourselves. There is no third-party involved.