The problem with Suspect File Versions is that it reports false positives when you are upgrading using a patch rather than a full overwrite. This has occurred for me twice now with vBulletin upgrades, and it is somewhat annoying and could be unsettling for non-technical users.
Due to the variety of download options available for VaultWiki, it would be difficult to implement a Suspect File Version system that is capable of telling the difference between that and hacking attempts, but not impossible.
This is something we could implement in version 4, but I would be concerned about the potential size of the md5_sums_file going forward. We already have close to 1500 files in version 4, and for patches to be supported, historical sums would also need to be accepted. The file could easily exceed 1 MB on its own in just a few versions -
Because sums typically need to be generated at download time rather than being static, this poses an additional challenge where patches and historical sums are concerned.
We'll solve it...