Provide md5sums for current binaries somewhere

[thegoddambatman]

At the moment, there appears to be no way to verify the integrity of the multidoge binaries from http://multidoge.org . This creates risk in several ways for end-users:

• multidoge.org itself does not offer an HTTPS alternative, so there is no guarantee of the site's integrity.
• the binaries are not signed (however it looks like this is a work in progress, given https://github.com/langerhans/multidoge/blob/master/how-to-codesign-on-windows.txt , though this procedure only describes windows signing), so it's impossible to tell who created them.
• There is no method to verify md5sums of the downloaded binaries, so end users cannot tell if the version of multidoge they downloaded is, in fact, the version commonly available.

The easiest solution for this is to publish the md5sums of the binaries offered someplace secure, such as an authenticated Gist, or a PGP-signed block offered on the website (the PGP block would even work on an HTTP, rather than HTTPS site).

[thegoddambatman]

For reference in the ticket directly, the md5sums I generated were:

a5788daf3b58b6a5efa222db9fd05367  multidoge-0.1.2.dmg
a9484de0a99ada77ebd0118a33708c72  multidoge-0.1.2-linux.jar
5083cb4f664cf3a62af292e54978ee39  multidoge-0.1.2-windows-setup.exe

If those are incorrect, we're in trouble, because I just did it 15 minutes ago.

[langerhans]

The page is hosted on GitHub Pages, so I don't think that SSL is currently an option. I'll merge the PR, cause I can confirm my local files have the same MD5 sums, though I might use SHA256 in the future. MD5 is considered broken anyway.
And yes, signing should be doable, I recently set up a new key and all. No idea when the next verison will be released thoguh as I'm kinda swamped with work currently ;)

Thanks for bringing this up though! Keeping this open as a reminder :+1: