I feel like installing a security tool by curling a random script off the internet and piping it into `/bin/bash` is a bit contradictory. Surely there's a better way to install this?
If you're smart enough to realize that there might be something to worry about, you should be smart enough to be able to figure out how to divide the command into three parts instead of one (download the script, inspect the contents and then run the same inspected [local] script).
Every time a project with curl | sh is featured on HN this comes up. At this point we might as well write a bot that scrapes submitted pages for "curl * | * (sh|bash)" and leave this comment for all of them.
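The three-step alternative described in the comment above (download the script, inspect it, then run the same local file), as an added shell example that is not part of the original thread or the project's own install script. The URL and file names in the usage comment are placeholders, and the digest check is an assumption added here so that the file executed is byte-for-byte the file that was read.

```shell
#!/usr/bin/env bash
# Added example: fetch / inspect / run as separate steps instead of curl | bash.
# All names and the URL below are placeholders, not the project's real paths.

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Step 1: download to a local file over HTTPS only, failing on HTTP errors,
# and print the digest of what was actually written to disk.
fetch_installer() {   # fetch_installer URL DEST
  curl --fail --silent --show-error --location \
       --proto '=https' --proto-redir '=https' --tlsv1.2 \
       --output "$2" "$1" || return 1
  file_sha256 "$2"
}

# Step 3: run the local file only if it still matches the digest recorded
# when it was inspected; refuse (exit status 3) if it has changed since.
run_inspected() {   # run_inspected FILE DIGEST [args...]
  local file="$1" want="$2" got
  shift 2
  got=$(file_sha256 "$file") || return 2
  if [ "$got" != "$want" ]; then
    echo "refusing to run $file: digest $got != inspected $want" >&2
    return 3
  fi
  bash "$file" "$@"
}

# Usage (step 2 is a person reading the file):
#   digest=$(fetch_installer "https://example.invalid/install.sh" ./install.sh)
#   less ./install.sh
#   run_inspected ./install.sh "$digest"
```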
> If you're smart enough to realize that there might be something to worry about, you should be smart enough to be able to figure out how to
This is gatekeeping 101.
Some people are just starting out in security/software engineering and things like this might not be obvious to them. It's good that you have suggested what to do but there are different ways to "suggest" things.
Well, this is for users who do not want to work hard :)
If you wish, you can clone the project and build it. Another option: you can download the file from the release URL.
It should be pretty simple to understand from the install.sh script.
Good luck :)
capableweb|4 years ago
uzakov|4 years ago
hda111|4 years ago
dwertent|4 years ago
hda111|4 years ago