Are you imparting trust on checksums downloaded from the same source page?
Not implying you are but there is plenty of software where that is how they expect users to verify the integrity of the download. Useful for checking bit errors, but in the event that someone has replaced the binary then they could probably also replace the checksum...
I didnt think about that, but there's not always a reputable alternative checksum source.
I was thinking about all the times I had to download a windows ISO. And how microsoft had openly published what the checksum values were so I could verify this after downloading from a 3rd party
I would need to do more research here you make a good point
I think 7zip has a way for you to check the hash signature with just a right click on the file so thats dandy