devmatteini
Verify checksum of the downloaded file before extraction
It would be cool to be able to check the integrity of the download before extracting.
Hi there, what and amazing tool you've written I've wanted something like this integrated into asdf because maintaining the plugins is a thankless horrible jump.
I've also cross posted to here:-
https://github.com/asdf-vm/asdf/issues/1318
Anyway back to the subject.. I saw this announcement https://github.blog/changelog/2025-06-03-releases-now-expose-digests-for-release-assets/
so maybe this could be used to protect against corrupted downloads or mitm attacks
Dang, tested it and they only supported new releases and confirmed on the community chat
https://github.com/orgs/community/discussions/23512
Hi there, what and amazing tool you've written I've wanted something like this integrated into asdf because maintaining the plugins is a thankless horrible jump.
Hi, I'm happy you found dra useful!
Anyway back to the subject.. I saw this announcement https://github.blog/changelog/2025-06-03-releases-now-expose-digests-for-release-assets/
so maybe this could be used to protect against corrupted downloads or mitm attacks
Dang, tested it and they only supported new releases and confirmed on the community chat
https://github.com/orgs/community/discussions/23512
Yeah, it looks like this is the easiest way to integrate the checksum verification. Even if it only works for newer releases, I think it's fine as a trade-off.