True! My original point though is that just providing a hash for a downloaded file is generally not required. It doesn’t provide anything that other layers haven’t already (a hash only guarantees integrity, while downloading over HTTPS provides authenticity). Personally, I see them as a relic of the past that made more sense when transmission was less robust (though even back then, a lot of layers provided some sort of error detection and correction), and modern filesystems can detect errors as well.