Hacker News new | ask | show | jobs
by DyslexicAtheist 3813 days ago
is this a joke?

Piping random shit off the web straight into a shell. Sounds like worst advise. I'm sure the maintainers of this site really know their stuff when it comes to security.

A malicious attacker will love breaking this site and find out who uses which versions.
2 comments
dang 3813 days ago
This comment breaks the HN guidelines. If you have a question or a criticism there is no reason why you can't express it respectfully. Please don't post any more comments like this.

Install via curl is also, by now, a classic flamewar topic with people who know what they're doing on both sides of the argument and well-trodden arguments all around. Please don't bring topics like that up with indignant denunciation as if you're the first person to encounter an outrage.

link
dchanm 3813 days ago
Hi,

We understand your concerns with the current install mechanisms. We're working toward providing multiple options similar similar to sandstorm.io

https://docs.sandstorm.io/en/latest/install/

There is the risk that we become a high value target. Would a solution that allows a user to query the state of a package/version instead of us storing package sets be acceptable? Or do you believe that SchizoDuckie's database approach to be the only way?

link