Mastodawn

Deployed client howtos at https://www.asfaload.com/doc/client-cli/howto/index.html . Now with demos recorded with @charmcli 's https://github.com/charmbracelet/vhs
Here's an example for generating a new keypair:
#security #buildinpublic #supplychain

Asfaload May 8

One more #breach that @asfaload prevents: https://www.neowin.net/news/if-you-downloaded-this-popular-software-recently-you-might-have-installed-malware/

Our #opensource #multisig solution is auditable and can be #selfhosted. Check info at https://asfaload.com

Available very soon!

#security #softwaresupplychain #jdownloader @neowindy.bsky.social #buildinpublic

Asfaload May 7

Preparing demos of our #cli with vhs from @charmcli And I discovered they use sigstore,an alternative to our solution.I must not forget to send them our recordings,we are so easier to use! (sigstore requires a full paragraph of instructions, asfaload is only one line!) Reach out to learn more!

Asfaload May 6

Deployed backend for the first time,and ran an e2e test script on it successfully 🎉 It registered a #github project,registered a release' assets, collected signatures from devs,and made a download of the asset, checking signatures.Happy with the progress! #buildinpublic #security #softwaresupplychain

Asfaload Apr 19

Asfaload can now use your ed25519 #ssh keys to sign artifacts! No additional key to manage for Asfaload. https://github.com/asfaload/asfaload
#security #softwaresupplychain

GitHub - asfaload/asfaload: Generic multisig signoff solution

Generic multisig signoff solution. Contribute to asfaload/asfaload development by creating an account on GitHub.

GitHub

Asfaload Apr 14

A question for #security experts: I'm using #rustlang 's pkcs5 crate that only proposes cbc mode for scrypt(eg this function: scrypt_aes256cbc). Having read GCM is much better than CBC, should I look for an alternative? This is a new project without backward compatibility required.
#crypto #cryptography #help

Asfaload Apr 13

Not sure it is the right order: our documentation is deployed before our backend is even online :-D
https://www.asfaload.com/doc/
The fastest way to deploy the doc was using https://rust-lang.github.io/mdBook/ , incidentally a #rustlang project like us.
#buildinpublic #mdbook #security #softwaresupplychain

Introduction - Asfaload Documentation

Asfaload Mar 31

Seeing the Axios #compromise on #npm, and as Asfaload enables the detection of unauthorised publications in case of an account hijack,I feel there must be serious opportunities for the project.Take a look at https://www.asfaload.com/ and let me know if you have suggestions! #security #supplychain #opensource

Asfaload: Generalized Multisignature Sign-Off — Asfaload

Asfaload provides a generalized multisignature sign-off solution for authenticating digital artifacts and processes.

Asfaload Mar 16

Asfaload project,aiming to provide an auditable multisig file downloads auth,passed 1000 commits: https://github.com/asfaload/asfaload In this LLMs age,it might become an even less interesting metric,but if only for me,it reflects the time and energy I put in the project #buildinpublic #opensource #rustlang

GitHub - asfaload/asfaload: Generic multisig signoff solution

Generic multisig signoff solution. Contribute to asfaload/asfaload development by creating an account on GitHub.

GitHub

Asfaload Mar 13

Added a section about #llm usage in the README. The project is not vibe coded, but using llms reponsibly is such a productivity boost! #ai #agents