Stub downloader: a small tool that is used to download and install the real tool, similar to the one that Mozilla provides for Firefox downloads.
Download security may be better implemented as a general-purpose tool (not specific to Whonix ™).
No other projects such as Firefox or Debian support this use case.
Learning C++ and adding Metalink (including OpenPGP support) to Firefox (see Metalink and https://bugzilla.mozilla.org/show_bug.cgi?id=331979) might be one of the simpler, yet still very difficult, approaches. For Firefox, GSoC may be a way to get this feature in, which means that some uber geek spends 4 months full time on developing it (while still not addressing the TUF threat model).
- How to download and verify the host program in the first place?
- How to download the secure downloader itself in censored countries?
- How to download files in censored countries?
- Torify downloads?
Such a host program is specific to the host operating system. It can be written in a cross-platform language, but platform-specific quirks still have to be dealt with.
The Tor Project never managed to get such a downloader up and running, see:
- liberationtech: secure download tool - doesn't exist?!?
- proposal to defend a permanent takedown threat
TUF (The Update Framework)
- TUF Threat Model
- TUF: Attacks and Weaknesses
- GPG signatures do not authenticate filenames
- https://trac.torproject.org/projects/tor/ticket/2340#comment:14
- Metalink
- en.bitcoin.it/wiki/User:Gmaxwell/update_checking_requirements
- https://www.updateframework.com/
- https://github.com/theupdateframework/tuf
- https://github.com/theupdateframework/tuf/blob/develop/SECURITY.md http://www.webcitation.org/6PRDsuYHq http://www.webcitation.org/6F7Io2ncN
- http://www.webcitation.org/6PRE4LfeZ
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself.