The hash on the app page (https://zentimings.protonrom.com/) does not match the hash of the file.

On the site it list:
344ac1d0ba0099a18c93b1ef399a399c

It is actually:
4300A3914FD8B7E10A6953923623D14E

Thanks, will fix it. Github does not provide the hash of the uploaded files, so I have to either:

• hardcode it on the site, but make sure I update it every time the release is updated
• always dowload the file and calculate the checksum, which is not an option

MD5 is not really secure anyway, so I will switch to another algorithm next time.

Updated.

Not so much for security as file integrity, which MD5 is sufficient for. Just noticed it because I use Scoop, and maintain a bucket that includes a manifest to allow installing ZenTimings. The automatic version update was failing when trying to install, due to the de-synced file integrity check

I can just have the GitHub action for the automatic updates check it manually by downloading it, but it's generally faster/preferred to use a provided hash if available.

You could also use GitHub Actions to generate a hash file with each release automatically if you wanted, like this one.