Complaints against curl <https-url> | sh in favor of downloading a pkg are the equivalent of requiring shoes off at TSA. Security theater.
@ReinH Packages CAN be signed and verified (like HTTPS crypto) but unsigned pkg's are not under assault from armchair crypto ppl like | sh
-
-
@wycats True enough. Causes? | sh more *visibly* unsafe? -
@ReinH right, but in fact it's more safe because you CAN easily download and inspect the entire script trivially. -
@wycats Unless that script downloads and runs other scripts ;) But yes, I agree. -
@ReinH you can see that ;)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.