An anonymous reader quotes this report from Engadget:An update on the site says the software's version information file is now digitally signed , adding that KeePass "neither downloads nor installs any new version automatically. Users have to do this manually... users should check whether the file is digitally signed... HTTPS cannot prevent a compromise of the download server; checking the digital signature does."