[xur17]

It is more flexible than a hash, but it's also more complicated.

[michaelmior]

I don't really see it being that much more complicated. Signing the image is just one extra step when you publish, but it also means that you never need to update client machines unless the key is compromised.