I agree 100% with KJSwartz, SE still needs to provide a "normal web-based distribution site" via S3/AWS, GCP, Azure/Github, whatever.
It's becoming increasingly rare for professional customers in corporate environments (the most locked-down, typically) to be allowed access to Dropbox, or to receive executable attachments via email. Both are IT security nightmares, so corp IT depts tends to disable both.
Most container-based distribution site images can be highly portable between providers, allowing a level of redundancy in provider you'll never have being reliant on a single cloud-drive-provider. As for email, as always, attachments greater than 10-12MB are unlikely to survive end-to-end delivery in any case, and many corporate IT environments severely limit allowed attachment sizes as well.
IMO, you're really setting yourselves up for problems if Dropbox and email are your only significant delivery options (both for hotfixes and everything else). I don't even want to think about the phishing exposures possible if you get some customers used to receiving hotfixes by email. PLEASE rethink that particular set of decisions before your systems get too "entrenched" -- the distribution for both application binaries and hotfixes is problematic as stated, for the reasons above (and quite a few more).
Just trying to help y'all dodge a highly-foreseeable bullet or three!