top | item 44408170

(no title)

a10r | 8 months ago

You're absolutely right—vet's scope is focused on securing the installer script itself, not the binary it downloads.

The goal is to prevent the installer from being maliciously modified to, for example, skip its own checksum verification or download a binary from a different, malicious URL.

It's one strong link in the chain, but you're right that it's not the whole chain.

discuss

unknown|8 months ago

[deleted]