[soraminazuki]

GP likely meant differentiating `curl` and `curl | bash`.

https://web.archive.org/web/20240520142212/https://www.idont...

[Repulsion9513]

Did they? IDK, just differentiating browser from curl is incredibly likely to be "good enough" as an attacker.

[Dylan16807]

I did have that attack in mind, yes.

But honestly it doesn't take a lot of sophistication to hide an exploit somewhere in an entire piece of software. The average person is very vulnerable to a malicious dev and the way they download is very unlikely to matter as long as it's not http://