by junon
1700 days ago
> but how is it bad security practice?

Companies / organizations / team members go rogue sometimes. We've seen this even recently with e.g. kicad, freenode, the timezone database, etc. Just because you trust the source doesn't mean you should trust all of the scripts they tell you to run. Even if it's a good-faith script, you have no idea if it's making assumptions about your system that are not true and opening you up to sidechannel attacks and the like. Curl to a file first, inspect the script, consider it within the context of your own system, then run it if you deem it's safe.

But you can still do that if you want? It is not like this is a hidden executable or something.