Danyal - 2016-07-16

There is a SHA checksum for the zip file at https://sourceforge.net/p/kp-googlesync/support/GoogleSyncPlugin-2.1.2/

There is a direct link to the above page in Support Section > Getting Started.
New release available
Changes made in this release: [GoogleSyncPlugin-2.1.2].

Please let me know if there is a better place on the plugin's SourceForge page if it was too hidden or hard to find, and I can move it there.

Assuming my site is hacked with wrong version info, users would still get redirected to the KeePass plugins page when they double-click on the plugin from the "check for updates" popup.

Dominik does not host this plugin on his website; it just links to this SourceForge page. So a hacker manages to hack both the KeePass website and my website at the same time, or somehow manages to redirect all users' traffic to his/her page with an infected file to download.

If users always download from SourceForge, it would be the safest option.
If users download an infected plugin file, the hash of the original zip file I provided wouldn't match with the infected file.

Does this resolve the issues? So once the file is downloaded on the computer, please check the hashsum value (Google search can return lots of online websites that validate a file against a hash).

I will try to read up on the new function provided in KeePass ... UpdateCheckEx.SetFileSigKey, and see if it can be implemented in our plugin.

I currently don't have the means to provide an SSL website for version checks, which is why I don't host the plugin file anywhere else except on SourceForge.

Hmm, I wonder if I can host the version check file from SourceForge too.

 



Last edit: Danyal 2016-07-16
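
The hash check described in the post can be done locally, without sending the file to a third-party site. The following is an added example, not part of the original post or the plugin's code; the function names are hypothetical, and because the post says only "SHA checksum", the algorithm is inferred from the length of the digest pasted from the release page.

```python
import hashlib
import hmac
import os
import re
import tempfile

# The page says only "SHA checksum", so infer the algorithm from digest length.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256", 96: "sha384", 128: "sha512"}


def parse_published(text):
    """Extract (algorithm, digest) from a pasted line such as
    'SHA256: ab12...' or 'ab12...  file.zip'."""
    for token in re.findall(r"\b[0-9a-fA-F]{40,128}\b", text):
        if len(token) in ALGO_BY_HEX_LEN:
            return ALGO_BY_HEX_LEN[len(token)], token.lower()
    raise ValueError("no SHA-1/256/384/512 hex digest found in published text")


def file_digest(path, algo, chunk_size=1 << 20):
    """Hash the file in chunks so large downloads are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, published_text):
    """Return True only if the local file matches the published digest."""
    algo, expected = parse_published(published_text)
    return hmac.compare_digest(file_digest(path, algo), expected)


def demo():
    """Constructed sample: a stand-in archive and a copy with one byte appended."""
    original = b"PK\x03\x04 constructed stand-in for the plugin zip"
    published = "SHA256: " + hashlib.sha256(original).hexdigest().upper()
    results = []
    for content in (original, original + b"\x00"):
        with tempfile.NamedTemporaryFile(delete=False) as tmp:
            tmp.write(content)
        try:
            results.append(verify_download(tmp.name, published))
        finally:
            os.unlink(tmp.name)
    return tuple(results)


if __name__ == "__main__":
    print(demo())  # (genuine file, modified file)
```

For a real download, call `verify_download()` with the path to the zip and the checksum text copied from the release page; a `False` result means the file is not the one the checksum was published for.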