Y
Hacker News
new
|
ask
|
show
|
jobs
by
kylemaxwell
5035 days ago
This seems like such a bad idea... certs exist in repos for very good reasons.
1 comments
hardik988
5035 days ago
Sure, but if you're simply downloading a shell script (whose source code you can see) from github (a site you can trust), I don't see the issue.
link
Firehed
5035 days ago
If it can't validate the cert, it could be the sign of a MITM attack. Likely? No, but I wouldn't take content with cert issues and run it as root. At least not without validating it in some other way.
link
hardik988
5035 days ago
You're right. It very well could be a MITM attack. But I guess you could see the source code for yourself after you've downloaded it right?
Anyhow, I agree that using --no-check-certificate is usually a bad idea.
link