
many third-party websites offering downloads to r2modman

Open notwithering opened this issue 6 months ago • 0 comments

i've noticed that several third-party websites are offering downloads for r2modman. while they currently seem to be giving the correct files, there's still some possible support and security risks.

sites

hashes

$ sha256sum */*
9cf9a51f11152ad9530a4e1dab1762bc04e6d78cc660ad3e9045ab7de18a6116  appimg/ebkr_r2modman-3.1.53.AppImage
9cf9a51f11152ad9530a4e1dab1762bc04e6d78cc660ad3e9045ab7de18a6116  appimg/r2modman.info_r2modman-3.1.53.AppImage
ec10d8748d45d4d6566a2bd0c94d06b2c25bb769f3ab55394fc41fb9957c54cc  win/ebkr_r2modman-Setup-3.1.57.exe
ec10d8748d45d4d6566a2bd0c94d06b2c25bb769f3ab55394fc41fb9957c54cc  win/r2modman.com_r2modman-Setup-3.1.57.exe
ec10d8748d45d4d6566a2bd0c94d06b2c25bb769f3ab55394fc41fb9957c54cc  win/r2modman.net_r2modman-Setup-3.1.57.exe

risks of third-party controlled downloads

official releases are prefixed with "ebkr_". all the sites are giving correct releases but this could easily change; one of these sites, if they get popular enough, could switch out that download very easily

outdated versions

these outdated versions that the sites are handing out can cause more issues to be created with people on older versions; in fact, this has already happened with #1561

possible things to do

  • publish sha256 hashes for official releases
  • sign releases
  • warning on readme? (doubt this will do much)
  • take down the sites (i am unsure if ebkr has any legal ground to do so though)

notwithering, May 30 '25 23:05
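The comparison done by eye in the listing above can be automated. The following is an added example, not part of the original issue or of r2modman: it parses `sha256sum` output and flags any mirror copy whose digest differs from the official one. It assumes the `<source>_<artifact>` file naming used in the listing, with `ebkr` as the official source; the `mirror.example` line is constructed to show a mismatch.

```python
import re
from collections import defaultdict

OFFICIAL_SOURCE = "ebkr"  # the issue's listing prefixes official files with "ebkr_"
# One sha256sum output line: 64 hex digits, a space, ' ' or '*' (mode flag), then the path.
LINE_RE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def parse_sha256sum(text):
    """Yield (digest, path) for every well-formed sha256sum line; skip prompts and noise."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1).lower(), m.group(2)

def audit_mirrors(text):
    """Compare each mirror's copy of an artifact with the official copy.

    Assumes file names of the form <source>_<artifact>, as in the issue's listing.
    Returns {artifact: {source: "match" | "MISMATCH" | "no-official-reference"}}.
    """
    official, mirrors = {}, defaultdict(dict)
    for digest, path in parse_sha256sum(text):
        source, sep, artifact = path.rsplit("/", 1)[-1].partition("_")
        if not sep:
            continue  # name does not follow the <source>_<artifact> convention
        if source == OFFICIAL_SOURCE:
            official[artifact] = digest
        else:
            mirrors[artifact][source] = digest
    report = {}
    for artifact, copies in mirrors.items():
        ref = official.get(artifact)
        report[artifact] = {
            src: "no-official-reference" if ref is None
            else ("match" if digest == ref else "MISMATCH")
            for src, digest in copies.items()
        }
    return report

# Listing copied from the issue, plus one constructed line (mirror.example) with a wrong digest.
SAMPLE = """$ sha256sum */*
9cf9a51f11152ad9530a4e1dab1762bc04e6d78cc660ad3e9045ab7de18a6116  appimg/ebkr_r2modman-3.1.53.AppImage
9cf9a51f11152ad9530a4e1dab1762bc04e6d78cc660ad3e9045ab7de18a6116  appimg/r2modman.info_r2modman-3.1.53.AppImage
ec10d8748d45d4d6566a2bd0c94d06b2c25bb769f3ab55394fc41fb9957c54cc  win/ebkr_r2modman-Setup-3.1.57.exe
ec10d8748d45d4d6566a2bd0c94d06b2c25bb769f3ab55394fc41fb9957c54cc  win/r2modman.com_r2modman-Setup-3.1.57.exe
ec10d8748d45d4d6566a2bd0c94d06b2c25bb769f3ab55394fc41fb9957c54cc  win/r2modman.net_r2modman-Setup-3.1.57.exe
""" + "0" * 64 + "  win/mirror.example_r2modman-Setup-3.1.57.exe\n"

if __name__ == "__main__":
    for artifact, results in audit_mirrors(SAMPLE).items():
        for source, verdict in results.items():
            print(f"{verdict:22} {source:16} {artifact}")
```

The verdicts are only as trustworthy as the copy used as the `ebkr_` reference, which is why the issue's suggestion of publishing hashes or signing releases matters.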