item 44488744 (no title)

whyever | 7 months ago
All the attacks you described also apply to downloading and executing a file. I don't think `curl | sh` is worse in this regard.

bflesch | 7 months ago
With a downloaded file your antivirus will run automated checks on it, you can calculate a hash signature and compare the value with others who also download the file, and you will notice if the file changes after you execute it.

davedx | 7 months ago
If you download it first, you can at least eyeball what's been downloaded to check it doesn't start by installing a bitcoin miner

geysersam | 7 months ago
How often do people do that when they install a package from npm, pypi, or other package repository? In practice never.
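The download-then-check workflow bflesch describes, as an added example that is not part of the thread: it refuses to run an installer whose SHA-256 differs from a pinned value, and re-hashes the file afterwards to notice a change made while it ran. The function names, the return codes and the pinned hash (assumed to come from a trusted out-of-band source) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Intended use (placeholder URL and hash):
#   curl -fsSLo install.sh https://example.com/install.sh
#   verify_then_run install.sh "<pinned sha256 obtained out of band>"

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_then_run FILE EXPECTED_SHA256
# Returns: 1 file missing, 2 hash mismatch (nothing executed),
#          3 file changed while it ran, otherwise the script's exit status.
verify_then_run() {
    file=$1
    expected=$2
    [ -f "$file" ] || return 1

    before=$(sha256_of "$file")
    if [ "$before" != "$expected" ]; then
        echo "refusing to run $file: sha256 $before does not match pinned value" >&2
        return 2
    fi

    # The bytes on disk are now the bytes that were hashed; run exactly those.
    status=0
    sh "$file" || status=$?

    # Re-hash to notice a script that rewrote itself during execution.
    after=$(sha256_of "$file")
    if [ "$after" != "$before" ]; then
        echo "warning: $file changed during execution" >&2
        return 3
    fi
    return "$status"
}
```

With `curl | sh` there is no file to hash before execution, so neither check has anything to work on.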