Since switching to fully apple signed and notarized distribution it is no longer necessary to include a checksum. If the disk image validates properly and gate keeper accepts the application then you have verified that the archive has not been altered from what they approved.
As of XTension version 9.3.9 I will be including an MD5 checksum of the downloaded zip files as well as of any plugin files that can be downloaded or updated separately from the main XTension download. Plugin files and anything downloaded by XTension itself will have the validation performed automatically. XTension does not currently automatically update itself but will instead just link you to the release page.
In order to validate that the zipfile that you downloaded is the same one that I uploaded you should run an MD5 checksum against the downloaded file. You can do this by opening a terminal window and typing “md5[space]” and then dragging the downloaded zipfile into the terminal window. After pressing return and it calculating you’ll see some output similar to this:
MD5 (./xtension_974.zip) = 7741a3d4567b9df5be4a755acd8f2dda
Compare that output to the MD5 hash referenced on the download page to make sure they are the same.