|
|
|
|
|
|
by dividuum
3431 days ago
|
|
|
Unless I misunderstood their description, they can man-in-the-middle for the disposable keys use-case anyway. If you don't trust them, don't use the software. I don't really mind having curl|sh installation instructions as long as they use https and the script is written so that truncated downloads don't cause any harm. If you know that this is a risky way of installing software, nothing prevents you from manually verifying the installation script or following the manual installation instructions. Everyone else probably doesn't have the means to properly evaluate the downloaded software anyways. |
|
|