Complaints against curl <https-url> | sh in favor of downloading a pkg are the equivalent of requiring shoes off at TSA. Security theater.
@nvll @knowtheory vs. downloading a pkg and running it, where the script being run is hidden from sight.
-
-
@wycats@knowtheory The sh pattern is the same as unsigned, but remove the | sh you can do some verification if it's not a binary format. -
@nvll@knowtheory it's the same as unsigned over HTTPS, yes, with a very simple verification step if you want it.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.