• 0 Posts
  • 4 Comments
Joined 16 days ago
cake
Cake day: February 26th, 2025

help-circle
  • I never tried to win any argument. Hell I was not even aware that I’m participating in one. I just wanted to share the info, that even if the vendor is absolutely trustworthy and even if you validated the script by downloading and looking at it, there’s still another hole that’s not obvious to see.

    Yes it’s unlikely, but again, I never said it were. There are also arguments you can run curl with, to tell it to do the download first and then push it through the pipe afterwards, though I don’t know them by heart now.

    It won’t cost you anything to set those parameters, when you insist to use curl | bash, just in the off chance that someone’s trying to do what I mentioned.

    But I’m also someone who usually validates their downloads with a checksum so maybe I’m just weird. Who knows.