On Sun, 12 Apr 2020 11:37:24 +0300 Andrei POPESCU <andreimpope...@gmail.com> wrote:
> On Du, 12 apr 20, 09:17:18, to...@tuxteam.de wrote: > > On Sun, Apr 12, 2020 at 09:52:50AM +0300, Andrei POPESCU wrote: > > > > [...] > > > > > There are sufficient tutorials advising to download random scripts and > > > run with root privileges. > > > > My fave still is > > > > curl https://random.site.net/script | sudo bash > > > > And there are still people out there who even advocate it [1]. > > > > I think I was three when my mom taught me not to stuff random scripts > > ...uh stuff I found on the street into my mouth. > > Excelent analogy :) > > > Cheers > > [1] https://gist.github.com/btm/6700524 > > Thanks for that, I haven't thought of the potential for unintended > damage mentioned in the comments (e.g. due to incomplete download, > overriding already installed software, etc.). Interesting discussion. I've looked quickly at the other side [1], however, and there seem to be serious people and arguments in that direction as well. Are they so obviously wrong? [The objection Andrei notes here is specifically countered by the "curl | bash" defenders, although even I can see that the counter is not as strong as the objection.] [1] https://sandstorm.io/news/2015-09-24-is-curl-bash-insecure-pgp-verified-install https://news.ycombinator.com/item?id=12766049 Celejar
