Hacker News

AdieuToLogic today at 2:24 AM

> If the attacker already controls the download link and has a valid https certificate, can't they just modify the published hash as well?

This implies an attacker controlling the server having the certificate's private key or the certificate's private key otherwise being exfiltrated (likely in conjunction with a DNS poisoning attack). There is no way for a network client to defend against this type of TLS[0] compromise.

0 - https://en.wikipedia.org/wiki/Transport_Layer_Security