Y
Hacker News
new
|
ask
|
show
|
jobs
by
d110af5ccf
1530 days ago
Presumably you trust the authors or you wouldn't be downloading it to begin with. The primary concern isn't "what if the authors are out to get me" it's "what if someone impersonates or compromises the authors".
1 comments
jjgreen
1530 days ago
Indeed, and this can be done semi-covertly given that one can detect a "curl install" server-side [1] and serve-up hostile code in just that case
[1]
https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-b...
link
leaflets2
1527 days ago
Thanks! Interesting (the cURL stuff)
link
[1] https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-b...