Unsecured download : Why don't you use Hash and PGP key?

for linux download you provide an unsecured download (external domain) without any hash and PGP key : do you think it’s a solution for security software?

The sha256 hash is right below the download button for .deb and .rpm packages. The ppa system works differently. The binary gets built right on the launchpad server. The AUR even builds it on your client.