Comment by geggam
7 years ago
Let's say for discussion that we allow this curl| bash process because it is from a "safe" source.
How do we come back next week and ensure some other process hasn't changed the files ?
Package your files with a signed system. Auditing the files is trivial after that.