It would be nice if the release process also added the hash of any built binaries to a distributed append-only log. That's sort of the approach that sigstore and rekor were made for, to enable Binary Transparency, and they're already being used in the Arch Linux package ecosystem:
This is definitely on our radar! We didn't do any major work on artifacts / assets as part of this effort but there are a bunch of backlogged items, including individual hashes, that we would like to do in the future.
https://github.com/kpcyrd/pacman-bintrans