Who's to say that your friendly ISP or government agency isn't doing the same? Or even better yet, how about for OS updates?
Your OS should already check binaries before installation; this is done with digital signatures (i.e. GPG and such), so HTTPS isn't required for protection.
The threat TFA is about is when the user/admin uses an installation method that circumvents or ignores the signature check.
In the Linux realm most popular distros are reasonably secure, but I noticed that Fedora's signature regime is incomplete and so is open to a MITM attack where any number of packages can be selectively prevented from receiving security updates.
OSX and Windows give the appearance of doing proper signature checks, including when you double-click an installer from the desktop. But they use a PKI model that leaves me wondering just who is vouching for the signatures.