The exploit in this case had access to the build (and presumably signing) system. That wouldn't have helped. The protection against this would have been the comparatively new efforts at reproducible builds. A modified binary, in theory, could be detected by current Fedora and Ubuntu releases (not sure about Debian or other distros). I don't think we've had an attack in practice though.