|
|
|
|
|
|
by chlorion
130 days ago
|
|
|
>The curl|sh workflow is no more dangerous that downloading an executable off the internet It actually is for a lot of subtle reasons, assuming you were going to check the executable checksum or something, or blindly downloading + running a script. The big thing is that it can serve you up different contents if it detects it's being piped into a shell which is in theory possible, but also because if the download is interrupted you end up with half of the script ran, and a broken install. If you are going to do this, its much better to do something like: sh -c "$(curl https://foo.bar/blah.sh)"
Though ideally yes you just download it and read it like a normal person. |
|
|