verification of downloaded archives
We should verify the integrity of downloaded archives used to install e.g. pg_back (and later Prometheus postgres_exporter !10); even better would be to verify their signature if available.
This is what's mentioned in the documentation of ansible.builtin.unarchive about remote_src
:
This is only for simple cases, for full download support use the ansible.builtin.get_url module.
And so the ansible.builtin.get_url
module has a checksum
parameter: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/get_url_module.html#parameter-checksum.