← Back to context Comment by ryandrake 13 hours ago Good thing we haven't normalized installing things with curl | sh 6 comments ryandrake Reply still_grokking 13 hours ago Yeah, that's great!Imagine we would download random code from the internet and just execute it, like with NPM, PIP, Maven, Cargo etc. om8 12 hours ago cargo/uv/go have lock files though dnnddidiej 9 hours ago with curl | sh you could use a checksum you download with curl! Semaphor 10 hours ago I don’t think that matters as it’s usually curl | sudo sh dawnerd 11 hours ago Or npm being allowed to run arbitrary post install scripts FlyThruTheSun 13 hours ago I literally ship an installer that runs with curl | bash... reading this thread while patching my servers is a fun experience lol
still_grokking 13 hours ago Yeah, that's great!Imagine we would download random code from the internet and just execute it, like with NPM, PIP, Maven, Cargo etc. om8 12 hours ago cargo/uv/go have lock files though dnnddidiej 9 hours ago with curl | sh you could use a checksum you download with curl!
om8 12 hours ago cargo/uv/go have lock files though dnnddidiej 9 hours ago with curl | sh you could use a checksum you download with curl!
FlyThruTheSun 13 hours ago I literally ship an installer that runs with curl | bash... reading this thread while patching my servers is a fun experience lol
Yeah, that's great!
Imagine we would download random code from the internet and just execute it, like with NPM, PIP, Maven, Cargo etc.
cargo/uv/go have lock files though
with curl | sh you could use a checksum you download with curl!
I don’t think that matters as it’s usually curl | sudo sh
Or npm being allowed to run arbitrary post install scripts
I literally ship an installer that runs with curl | bash... reading this thread while patching my servers is a fun experience lol