Lars Marowsky-Brée 😷Feb 5

Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.

Finally a truly universal installer.

Show threadKlaus FrankFeb 5
@larsmb But does it also leak to the server that you're using "--install" and not just try to download the file so that when you're trying to just download the malicious script the server can send you a version without the malware instead?
Show threadPianosaurus 🕴
@larsmb @agowa338 Lets have curl add a "Variant: without_vulnerabilities" header when --install is specified.
Feb 5 at 3:02pmWeb
Show threadjens perssonFeb 5

@pianosaurus @larsmb @agowa338

I think RFC 3514 "The Security Flag in the IPv4 Header" have place here.

https://www.rfc-editor.org/rfc/rfc3514

RFC 3514: The Security Flag in the IPv4 Header