MD5 is easily forged with $10K of computer equipment.
Even SHA1 is no longer safe, according to Google:
https://www.infoworld.com/article/3173845/encryption/google-kills-sha-1-with-successful-collision-attack.html
Please list SHA256/SHA512 hashes for each download.
Curious if you ever had some sort of issue with Avidemux that a check against a hash string would have avoided?
Not that I am against hash verification, or that I think it would be hard to automate the generation of a SHA hash for each compile.
Listing cryptographically robust hashes on web pages distributed over HTTP is pointless. The only real improvement would be to use detached GPG signatures (which virtually nobody on Windows will check).
Stating that hashes are pointless over HTTP is just a bit harsh.
When source and hash are coming from the same origin, it does provide extra integrity verification of the data transmitted.
If there is some malicious intrusion over HTTP, then that is another story.
That said, I never had an issue with fetching nightlies from the official repository.
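The distinction argued in this thread, as an added example that is not part of any post above: a hash listed next to the download catches accidental corruption, but not a change made to both the file and the listed hash on a channel without integrity protection. The `fetch` and `verify` helpers, the sample bytes and the "pinned" digest obtained through a separate trusted channel are all assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Callable, Optional

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def fetch(page: dict, in_transit: Optional[Callable[[dict], dict]] = None) -> dict:
    """Simulate fetching file and listed hash over the same channel.
    `in_transit` (hypothetical hook) models what happens to the response on the way."""
    received = dict(page)
    return in_transit(received) if in_transit else received

def verify(received: dict, pinned_digest: Optional[str] = None) -> bool:
    """Check the file against the listed hash, or against a digest
    obtained through a separate trusted channel when one is supplied."""
    expected = pinned_digest or received["listed_sha256"]
    actual = sha256_hex(received["file"])
    return hmac.compare_digest(actual, expected.strip().lower())

def bit_flip(r: dict) -> dict:
    # Accidental corruption: the file is damaged, the hash text is intact.
    r["file"] = r["file"][:-1] + bytes([r["file"][-1] ^ 0x01])
    return r

def rewrite_both(r: dict) -> dict:
    # No channel integrity: file and listed hash are replaced consistently.
    r["file"] = b"constructed substitute payload"
    r["listed_sha256"] = sha256_hex(r["file"])
    return r

# Constructed sample data standing in for a nightly build and its download page.
ORIGINAL = b"constructed sample installer bytes"
PAGE = {"file": ORIGINAL, "listed_sha256": sha256_hex(ORIGINAL)}
PINNED = sha256_hex(ORIGINAL)  # assumed to arrive via a signed or otherwise trusted channel

def run_scenarios() -> dict:
    return {
        "clean": verify(fetch(PAGE)),
        "corrupted": verify(fetch(PAGE, bit_flip)),
        "rewritten_same_origin": verify(fetch(PAGE, rewrite_both)),
        "rewritten_pinned": verify(fetch(PAGE, rewrite_both), PINNED),
    }

if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:24s} verification {'passes' if ok else 'FAILS'}")
```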