Would be cool if sharing with #buildinpublic brought some discussion, let's see what this brings!

Another item originated from Asfaload: reusing the code interacting with Github I also published freshstuff.net , inspired by the long discontinued Freshmeat
This is not the focus of Asfaload, but could provide some additional visibility.

First deliverable: a checksums mirror github.com/asfaload/checksums usable with our CLI downloader: asfaload.com/asfald/
Using checksums originating from another location than the download server increases security.

Just discovered #buildinpublic, which is what I've done with asfaload.com . It started with the goal to provide authenticated downloads, but became a more general multisig sign-off solution.
All developed in the open and under open source licenses (AGPLv3 or MPLv2) at github.com/asfaload 🧵

With its checksums on the Asfaload mirror, Regal https://github.com/StyraInc/regal , a linter for #policy definitions used by the open policy agent https://www.openpolicyagent.org/docs, a #cncf graduate project , can be downloaded with additional security, see https://www.asfaload.com/asfald/

Ever missed Freshmeat? This is for you: get a continuously updated stream of newly published Github releases at https://www.freshstuff.net/
And releases whose checksums files are mirrored by Asfaload are marked as such

A new release of @cloudflare 's pint, the #prometheus rule #linter has been published at https://github.com/cloudflare/pint/releases/tag/v0.73.3, and its checksums are already available on asfaload's mirror to let you download with increased security. Check how at https://www.asfaload.com/asfald/ #security

https://github.com/pdfcpu/pdfcpu is a #pdf processing library in #go that you can download with additional #security using asfald (see https://www.asfaload.com/asfald/ )

Need to export your Slack data? this tool can help https://github.com/rusq/slackdump and as it publishes checksums in its release, our checksums mirror increases the security of your downloads, check out how at https://www.asfaload.com/asfald/ #slack #export #data #tool

Convert your images on the fly to webp thanks to https://github.com/webp-sh/webp_server_go which can be downloaded with increased safety using asfald, for more info see https://www.asfaload.com/asfald/
#webp #server #golang

neovim released version 0.11, a significant release available at https://github.com/neovim/neovim/releases/tag/v0.11.0! With our checksums mirror you can download it with additional security. Check out how at https://asfaload.com/asfald #neovim

Rancher Labs' GKE and AKS operators can be downloaded with additional security guarantees with asfald, check how here: https://www.asfaload.com/asfald
Their releases are at https://github.com/rancher/gke-operator and https://github.com/rancher/aks-operator
#security #k8s #Cloud

Today's project discovery: https://github.com/EricCrosson/git-disjoint
Group your commits by issue into Github PRs. Lets you work on one branch and push to distinct PRs afterwards.
Check how to download it with additional safety at https://www.asfaload.com/asfald/ #github #git #softwaredevelopment

‪Asfaload‬ ‪@asfaload.bsky.social‬
·
2m
#terraform providers are often published with checksums. That's also the case of the huawei cloud provider: https://github.com/huaweicloud/terraform-provider-huaweicloud/releases/tag/v1.73.1
See how you can download it with automatic checksums validation at asfaload.com/asfald

Friday project discovery: Permify (https://github.com/Permify/permify) is an open source authorization as a service inspired by Google Zanzibar, and as they publish checksums, it can be downloaded with additional safety with asfald: https://www.asfaload.com/asfald/ #security #authorization

The copies on our mirror of checksums are now taken much more rapidly. This reduces even more the attack window (eg replacing a file and its checksums file). For example the checksums of this pulumi release were taken less than 3 mins after release: https://github.com/asfaload/checksums/commit/3aba2bf1606ed99d013e5402326f85eb856c4c9d#diff-bbad4c022e7e67caea8c5d642af6f622711ed72f60844e64a8ccf9132c0b5af7R1

We had a breakthrough in our search of a satisfying procedure to handle lost and compromised keys, as well as account reinitialisation. All possible without having to trust us. Will formalise all this, looking forward to have it implemented!
#security #multisig #signature #softwaresupplychain

Looking at our checksums mirror allows me to discover some niche software, this week it is a shipping pack optimiser: https://github.com/obalunenko/shipping-pack-optimizer
Download it with additional confidence with our downloader asfald: https://www.asfaload.com/asfald/
#software #shipping #optimization

My 15 minutes lightning talk at @fosdem about Asfaload is now online at https://fosdem.org/2025/schedule/event/fosdem-2025-5886-increasing-security-of-internet-downloads-with-asfaload/
#fosdem #lightning #video

https://turso.tech 's modern evolution of sqlite https://github.com/tursodatabase/limbo can be downloaded with added security with @asfaload's tool https://www.asfaload.com/asfald. Give it a try, it gets and validates checksums from an independent source in addition to the github release.