by nmjohn 4276 days ago
It's a little worse because with curl | sh - you inherently aren't able to check an MD5 hash or a signature to verify the file is actually what you wanted.

Now while even with binaries people might not actually do that often enough - it at least is still an option.

2 comments

You need a secure channel like HTTPS to get that hash, in which case, does it really matter if you just run the script anyways?
The signature can be a perfect match and still harm your system. Do you reverse engineer every binary that you run?
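
The download-then-verify option discussed in this thread, as an added example that is not from any of the commenters: the script is saved to disk, checked against a pinned digest, and only then executed. It uses SHA-256 rather than the MD5 mentioned above, assumes the pinned digest was obtained over a channel you trust, and the function names, URL and digest placeholder are hypothetical. A matching digest only shows the file is the one that was published, not that it is harmless.

```shell
# Added example. sha256_of prints only the hex digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_if_digest_matches FILE EXPECTED_SHA256 [ARGS...]
# Returns 2 on bad usage or I/O error, 3 on digest mismatch,
# otherwise the exit status of the script itself.
run_if_digest_matches() {
    [ "$#" -ge 2 ] || return 2
    src=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    shift 2
    [ -f "$src" ] || return 2
    # Hash and execute the same private copy, so the file cannot be
    # swapped between the check and the run.
    copy=$(mktemp) || return 2
    cp "$src" "$copy" || { rm -f "$copy"; return 2; }
    got=$(sha256_of "$copy")
    if [ "$got" != "$want" ]; then
        echo "digest mismatch: expected $want, got $got" >&2
        rm -f "$copy"
        return 3
    fi
    rc=0
    sh "$copy" "$@" || rc=$?
    rm -f "$copy"
    return "$rc"
}

# Typical use (URL and digest are placeholders, not real values):
#   curl -fsSL "https://example.invalid/install.sh" -o install.sh
#   run_if_digest_matches install.sh "<pinned sha256 hex digest>"
```

Because the whole file is on disk before it is hashed, a truncated download fails the check instead of running half a script.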