Asfaload can now use your ed25519 ssh keys to sign artifacts! No additional key to manage for Asfaload.
Posts by Asfaload
Not sure it is the right order: our documentation is deployed before our backend is even online :-D
www.asfaload.com/doc/
The fastest way to deploy the doc was using rust-lang.github.io/mdBook/, incidentally a #rustlang project like us.
#buildinpublic #mdbook #security #softwaresupplychain
Seeing the Axios #compromise on #npm, and as Asfaload enables the detection of unauthorised publications in case of an account hijack, I feel there must be serious opportunities for the project. Take a look at www.asfaload.com and let me know if you have suggestions! #security #supplychain #opensource
Asfaload project, aiming to provide an auditable multisig file downloads auth, passed 1000 commits: github.com/asfaload/asf... In this LLMs age, it might become an even less interesting metric, but if only for me, it reflects the time and energy I put in the project #buildinpublic #opensource #rustlang
Added a section about #llm usage in the README. The project is not vibe coded, but using llms responsibly is such a productivity boost! #ai #agents
Trying to make Asfaload both secure and future proof by using sha256 oids in its #git backend. This has a performance cost as we need to shell out to the CLI, the libraries' support of sha256 oids being WIP. Hoping we don't need to go back to sha1 oids as converting later would be a disrupting change
As my use of #ai has increased gradually (asfaload.com/blog/ai_use/), I have more #code #review work on my plate. I have just installed tuicr (tuicr.dev) in the #docker image I use for development (github.com/asfaload/age...), and it looks very helpful to ease review of code generated by an #agent
You have to start somewhere: happy with the 10 ⭐ the project got on GitHub: github.com/asfaload/asf... #buildinpublic #foss #opensource #rustlang
In the Asfaload codebase, there was a pattern that kept appearing: using #rust enum to wrap trait implementations. It offers great flexibility, clean #code, all with full #typesafety and no dynamic dispatch. I haven't seen it described often, let's change that! www.asfaload.com/blog/rust-tr...
🎉 First time I could go through the whole chain:
- register multisig from a github project
- activate it by signing it
- register a release
- sign it
- download a release artifact and authenticate it
github.com/asfaload/asf...
#buildinpublic #progress #rust
After mentioning asfaload in the question time of the #security #talk of @oej.edvina.net at #fosdem, there was some interest to get more info. But while posting the link to the room's #matrix channel, the speaker disappeared! I hope we can talk further later!
Promoting open source project asfaload.com at #fosdem.org
Just discovered this talk
fosdem.org/2026/schedul... at #fosdem by @oej.edvina.net . This is exactly the need that asfaload aims to fill! Looking forward to having a chat!
Asfaload flyer
No asfaload talk at #fosdem this year, but I prepared the design of an A4 flyer, see blog post asfaload.com/blog/fosdem2...
And image here:
asfaload.com/blog/fosdem2...
#buildinpublic #promo #flyer #foss
Added the project to deepwiki at
deepwiki.com/asfaload/asf... This generates #documentation that seems quite good! I will probably link it as the documentation for the project.
#ai #llms #buildinpublic
Just renamed the GitHub project asfaload, to avoid confusion. Project is now at github.com/asfaload/asf...
#buildinpublic
A new release of asfald, our downloader transparently validating chksums! github.com/asfaload/asf...
Most important feat: report vulnerability window, i.e. time between publication and mirroring of chksums. During that time an attacker could update file in release undetected.
#buildinpublic #release
Starting a new project from scratch in a new language is often a trial and error approach. Such is the case for the implementation of our generic multisig signoff solution in #rustlang. As we #buildinpublic, you can follow progress at github.com/asfaload/asf... Only 3 commits at this time ;-)
github.com/joernio/joern is a multi language code analysis tool. Its release checksums are mirrored by Asfaload to increase the security of downloading it. Check how at asfaload.com/asfald/ #codeanalysis #opensource
Would be cool if sharing with #buildinpublic brought some discussion, let's see what this brings!
Another item originated from Asfaload: reusing the code interacting with Github, I also published freshstuff.net, inspired by the long discontinued Freshmeat
This is not the focus of Asfaload, but could provide some additional visibility.
First deliverable: a checksums mirror github.com/asfaload/checksums usable with our CLI downloader: asfaload.com/asfald/
Using checksums originating from another location than the download server increases security.
Just discovered #buildinpublic, which is what I've done with asfaload.com but without any public :-). It started with the goal to provide authenticated downloads, but became a more general multisig sign-off solution. All developed in the open and under open source licenses (AGPLv3 or MPLv2) 🧵
With its checksums on the Asfaload mirror, Regal github.com/StyraInc/regal, a linter for #policy definitions used by the open policy agent www.openpolicyagent.org/docs, a #cncf graduate project, can be downloaded with additional security, see www.asfaload.com/asfald/
Ever missed Freshmeat? This is for you: get a continuously updated stream of newly published Github releases at www.freshstuff.net
And releases whose checksums files are mirrored by Asfaload are marked as such
A new release of @cloudflare.social 's pint, the #prometheus rule #linter has been published at github.com/cloudflare/p..., and its checksums are already available on asfaload's mirror to let you download with increased security. Check how at www.asfaload.com/asfald/ #security