screamingninja | 1 year ago

> everyone copy-pastes commands other people wrote straight into the terminal

I know a lot of people that use Linux and not many of them operate this way. Most care about their software sources. "Everyone" is certainly not the case.

g15jv2dp | 1 year ago

And yet when I complained about `curl | sh` on HN the other day, I got ridiculed. "Everyone" is too much, but even on a purportedly "hacker" website, people find the idea of perusing a shell script before executing it preposterous.

neilv | 1 year ago

Something that's hard to remember, but helps a little: if you get 3 people saying stupid things, that's only 3 people -- not necessarily representative of the people out there.

dcow | 1 year ago

But `curl | sh` is no less secure. Download this file and execute it. Functionally the same outcome. Tell me how doing that is materially different than `apt get`. Both employ signing and checksums (just with different PKI). One delegates trust to a package maintainer while the other trusts the author directly. I truly don’t understand the paranoia and consider it tinfoil hat security theater.
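
The review-before-run workflow this thread argues over, as an added example that is not part of any comment: save the script to a file, read it, and execute it only if its SHA-256 matches a digest pinned beforehand. The function names, file names and `$INSTALLER_URL` / `$PINNED_SHA256` placeholders are hypothetical.

```shell
#!/bin/sh
# Added example: run a saved installer only when it matches a pinned digest.
#
# Intended use (placeholders, not real values):
#   curl -fsSLo install.sh "$INSTALLER_URL"   # save to disk, do not pipe
#   less install.sh                           # read what will be executed
#   run_if_pinned install.sh "$PINNED_SHA256"

# Print the SHA-256 of a file as lowercase hex.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_if_pinned FILE EXPECTED_SHA256 [ARGS...]
# Returns 2 on bad usage or missing file, 3 on digest mismatch,
# otherwise the exit status of the script itself.
run_if_pinned() {
    [ $# -ge 2 ] || { echo "usage: run_if_pinned FILE SHA256 [ARGS]" >&2; return 2; }
    file=$1
    # Accept the pinned digest in either letter case.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    shift 2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(file_sha256 "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file, refusing to run" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 3
    fi
    # The bytes executed here are the same bytes that were hashed and reviewed.
    sh "$file" "$@"
}
```

The pinned digest has to come from a channel other than the one that served the script; a checksum fetched from the same URL path only detects corruption, not a replaced file.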