I was pleased to notice today, while going through the changelog for ethereum wallet 0.8.3:
PGP-verified releases (#546)
This is long-awaited, and probably more useful than checksums itself (although they have slighty different purposes). Look for the Verified badge in releases and commits.
This practice has, of course, been in use in the wider open source ecosystem for a long time.
It always struck me as incredibly strange that in a world where it is people's money/value/whatever-you-want-to-call-it that is at stake, such a simple precaution is repeatedly not being taken by crypto-currency projects everywhere.
Checksums are not enough. They serve a different purpose.
Congratulations to the ethereum project for getting it right.
Developers: Sign your releases. Give your users the warm fuzzy feeling (tm).