2025-02-04, 12:30–12:35, D.Aud (Main)
Resources are often downloaded from the internet, also in automation scripts. It is often impossible or cumbersome to validate the downloads integrity and authenticity. At Asfaload, we want to propose a solution we think is both practical and efficient.
We have developed Asfald, a tool that can be used to download resources from the internet, like curl would do, but it additionally validates checksums of files downloaded. It downloads checksums files from a mirror we maintain of checksums files published alongside the resource to be downloaded (currently in Github releases, but other publishing means can be easily supported). Our next step is to cover files authenticity, i.e. ensuring the file downloaded was published by the maintainer of the repo it is downloaded from.
Raphaël has worked in IT for more than 25 years, and has experience in system administration, database management and web development. He is a staunch Free and Open Source Software supporter, and is attentive to security and privacy matters.