Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo
I'd have a much better feeling if the installer was signed or at least an MD5 hash given. As it is now, I cannot be sure whether the program got compromised or not. Especially such a pogram would be a worthy target to compromise.
Please sign it, Dominik.
Ah, OK. Just saw the MD5 sums :)
P82947 - It would be safer to use SHA-1 to check the integrity of the installer as MD5 is much more susceptible to collisions.
DeanO is right. The MD5 algorithm has been severely compromised and should not be used for security. SHA-1 is secure, but signed installers are better. They are much easier to check, and can be safely run from user folders.
Will you please sign the installer and extract any installation files to system temp folders (instead of vulnerable user temp folders)?
SHA-1 sums for all files are here: http://keepass.info/integrity.html