Y
Hacker News
new
|
ask
|
show
|
jobs
by
hardik988
5035 days ago
Sure, but if you're simply downloading a shell script (whose source code you can see) from github (a site you can trust), I don't see the issue.
1 comments
Firehed
5035 days ago
If it can't validate the cert, it could be the sign of a MITM attack. Likely? No, but I wouldn't take content with cert issues and run it as root. At least not without validating it in some other way.
link
hardik988
5035 days ago
You're right. It very well could be a MITM attack. But I guess you could see the source code for yourself after you've downloaded it right?
Anyhow, I agree that using --no-check-certificate is usually a bad idea.
link