Comment by pjmlp
2 months ago
Because even with HTTPS that script might not do what you expect and then is too late, xz style attack.
2 months ago
Because even with HTTPS that script might not do what you expect and then is too late, xz style attack.
You're already installing a binary, the script is not the weak link here.
Depends, installing binaries on GNU/Linux usually assumes validated distro repos.