← Back to context Comment by ryandrake 20 hours ago Good thing we haven't normalized installing things with curl | sh 6 comments ryandrake Reply still_grokking 19 hours ago Yeah, that's great!Imagine we would download random code from the internet and just execute it, like with NPM, PIP, Maven, Cargo etc. om8 19 hours ago cargo/uv/go have lock files though dnnddidiej 16 hours ago with curl | sh you could use a checksum you download with curl! Semaphor 17 hours ago I don’t think that matters as it’s usually curl | sudo sh dawnerd 18 hours ago Or npm being allowed to run arbitrary post install scripts FlyThruTheSun 20 hours ago I literally ship an installer that runs with curl | bash... reading this thread while patching my servers is a fun experience lol
still_grokking 19 hours ago Yeah, that's great!Imagine we would download random code from the internet and just execute it, like with NPM, PIP, Maven, Cargo etc. om8 19 hours ago cargo/uv/go have lock files though dnnddidiej 16 hours ago with curl | sh you could use a checksum you download with curl!
om8 19 hours ago cargo/uv/go have lock files though dnnddidiej 16 hours ago with curl | sh you could use a checksum you download with curl!
FlyThruTheSun 20 hours ago I literally ship an installer that runs with curl | bash... reading this thread while patching my servers is a fun experience lol
Yeah, that's great!
Imagine we would download random code from the internet and just execute it, like with NPM, PIP, Maven, Cargo etc.
cargo/uv/go have lock files though
with curl | sh you could use a checksum you download with curl!
I don’t think that matters as it’s usually curl | sudo sh
Or npm being allowed to run arbitrary post install scripts
I literally ship an installer that runs with curl | bash... reading this thread while patching my servers is a fun experience lol