Complaints against curl <https-url> | sh in favor of downloading a pkg are the equivalent of requiring shoes off at TSA. Security theater.
@dmitry_vk how? I download packages via HTTP(S) too. Same MITM applies.
@wycats pkg manager actually validates the package content; that's a strictly stronger guarantee.
@dmitry_vk not OSX .pkg, and not PPAs, both of which are used when | sh makes sense.
@dmitry_vk or do you feel as strongly that you should not use PPAs as you do about | sh?
@wycats I'm actually more comfortable with PPA/.deb/.ebuild not b/c of security; pkg mgr prevents a lot of bugs of custom installers
@dmitry_vk it's pretty easy to mess up your PPA and I've experienced that.
@dmitry_vk but now we're pretty far from the knee-jerk "stupidest idea in the world, LOL what idiots" response I was reacting to.
@wycats sure; "curl HTTP://..." deserves this reaction, not "curl HTTPS://..."
@dmitry_vk fine with me.