There is no centralized keysigning authority that we could trust. 
Speak for yourself, please. This is what OCSP and CRL are for. Nearly every secure communication one uses to the web uses a trusted certificate. Too expensive? Valid concern. Can't trust them? I'd argue we already do.
 
Your argument "we can't make it absolutely secure, so we might as well just not bother"
Fantastic satire.

Any software that connects to a network MUST have security considerations
WHICH IS EXACTLY WHAT THIS CONVERSATION IS DOING THANK YOU FOR REITERATING IT LOUDLY. :)

we can't predict what the hash of a release we haven't released yet would be
Marty McFly, did you not read the part that said "we can't see into the future!"

We can't do anything to web browsers. Browsers have other security mechanisms in place - Mozilla and Chrome both already have contingencies in place for situations like that - blacklists, security warnings, etc.
So what exactly is our problem with offering a link then? 


-Tres