I am not sure why no one suggested this before, but maybe the best option is to forget about 0.13 ver and don't upgrade Bitcoin Core at all?
Wait for version 0.14 or something? It this a feasible solution?
first of all I think it is more of a drama than anything else and I wish they'd explained more about the situation already.
second of all, this risk is not a new thing (although the attack itself in a bigger size is new) and you
should always check the signature of these sensitive file when your money is involved regardless of the current situation.
p.s. to my knowledge since they are uploading the binaries on https://bitcoin.org unless their ssl keys are not compromised there is no way of messing with the uploaded files. right?edit: reading more about https and compromises I realize there are many other ways this can go down!