md5 values convention should be for uncompressed version of the file
 

Are md5 values published next to the compressed version of the file assumed to be for the uncompressed version?

There should be an obligatory "uncompressed md5:"
instead of what I usually see: "md5".
That would help me, as a newbie.

I know, I know, it can't be the compressed version's md5,
for the filename does not indicate the level of compression.
But I'm not sure about the convention, and I'd like some clarity.

Thanks in advance.

In general, no. The whole point of publishing md5 sums is for the user to immediately check the integrity of the download before doing anything with the file. But different places can have different opinions on that.

two md5 per app download?
 

Assuming an md5 to check the file as soon as it's downloaded, then
one would need yet another md5 to check the application itself after
it has been uncompressed.

Practically all application packages are compressed before downloading--
even binaries--and there are many types and levels of compression.
Each method would result in a different md5.

An app has two distributors. The first distributor is the person
who packages the code and it's libraries into a release version.
THere is a lot of decision making and resulting accountability.
The second distributor is the person who gets a release from
its origin and then acts as a downloading center for apps. Or
the second distributor may be one who creates binaries of the app.

We need a general, publishable md5 for the release itself.
Each release or version needs an md5 I'm calling the "general md5".
The release manager should attach this md5 in the README file,
and publish the release md5 for all to verify the particular release
is the one originally packaged and released.

If there is an md5 for the compressed package only,
and not a general md5 for the release itself, then
then secondary distributors hide any corruption to the original package.