I like hashes such as SHA256. But it's more like a super secure checksum that your download is not corrupted. You'd still need to verify the hash using the GPG signature.

It's a quick way to see if something is good, but without verifying the signature anyway, it's possible that the site was compromised and showing a hash that matches the executable or binary.