by Someone 1276 days ago
> You're downloading both the script and the binary from the host.

Technically, if you don’t read the script, you don’t know the binary is from the same host.

That doesn’t matter, though. The chain of trust is deep, including the tooling that produced the binary, your CPU, the internet, etc.

Downloading the first file basically says “I trust this site to give me this tool and nothing else”. Where it then gets that stuff from shouldn’t matter, even if it is from a shady site. You trusted them not to do that, just as you trusted them not to open up their own site so that hackers can replace files on it.
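The comment's first point, that you only learn where the binary comes from by reading the script, can be checked mechanically before a `curl | sh` style install is run. The following is an added example, not code from the comment or from any project it refers to: it lists the hosts an install script would fetch from and flags the ones not covered by "I trust this site". The script text is constructed, and the variable expansion is a deliberately simple assumption (plain `NAME=value` lines only), not a shell parser.

```python
"""Added example (not from the HN comment): list the hosts an install script
would fetch from, so the "trust this site and nothing else" assumption can be
checked before the script is executed. The script text below is constructed."""
import re
from urllib.parse import urlparse

# Constructed sample install script, the kind typically run via `curl ... | sh`.
SAMPLE_SCRIPT = """#!/bin/sh
set -e
VERSION=1.2.3
BASE=https://example.com/releases
curl -fsSL "$BASE/tool-$VERSION.tar.gz" -o /tmp/tool.tar.gz
curl -fsSL https://cdn.example.net/tool-$VERSION.sha256 -o /tmp/tool.sha256
wget -q http://mirror.example.org/helper.sh -O /tmp/helper.sh
"""

# Matches http(s) URLs up to whitespace, quotes or closing brackets.
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")
VAR_RE = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}|\$([A-Za-z_][A-Za-z0-9_]*)")
ASSIGN_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(\S+)$", re.M)


def expand_simple_vars(text):
    """Substitute shell variables ($NAME / ${NAME}) that the script itself
    assigns, so URLs built from a BASE variable become visible.
    Assumption (for this example): one plain NAME=value per line, no quoting."""
    assigns = dict(ASSIGN_RE.findall(text))

    def repl(m):
        name = m.group(1) or m.group(2)
        return assigns.get(name, m.group(0))  # unknown variables stay as-is

    for _ in range(5):  # a few passes resolve variables that reference variables
        text = VAR_RE.sub(repl, text)
    return text


def download_hosts(script_text):
    """Return the sorted list of (scheme, host) pairs the script downloads from."""
    expanded = expand_simple_vars(script_text)
    hosts = set()
    for url in URL_RE.findall(expanded):
        p = urlparse(url)
        if p.hostname:
            hosts.add((p.scheme, p.hostname))
    return sorted(hosts)


def foreign_hosts(script_text, origin_host):
    """Fetches not covered by trusting origin_host: any other host, plus any
    plain-http fetch, which cannot be tied to a host at all on the wire."""
    return [(s, h) for s, h in download_hosts(script_text)
            if h != origin_host or s != "https"]


if __name__ == "__main__":
    for scheme, host in download_hosts(SAMPLE_SCRIPT):
        print(f"{scheme}://{host}")
    print("not covered by trusting example.com:",
          foreign_hosts(SAMPLE_SCRIPT, "example.com"))
```

Run against the constructed script it reports `example.com`, `cdn.example.net` and `mirror.example.org`, and flags the last two when the script was fetched from `example.com`. This does not make the rest of the chain (the build tooling, the CDN, the CPU) trustworthy, which is the comment's larger point; it only makes the first link explicit.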