Lars Marowsky-Brée 😷Feb 5

Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.

Finally a truly universal installer.

Show threadSteven Op de beeck

@larsmb @bagder It’s too bad it got so normalised to let scripts from the internet run unchecked on our computers. That’s universally a bad idea, do we need to make it any easier?

https://mastodon.social/@stevenodb/116022371751014959

Feb 6 at 6:55amIvory for iOS
Show threadLars Marowsky-Brée 😷Feb 6

@stevenodb @bagder I'm not actually sure that's entirely true.

Package managers _also_ run "scripts from the Internet". And the next step they do is run the program that was just so installed. So if you don't trust the dev, you're still screwed.

Yes, there are many issues, and people surely shouldn't point it at random URLs either, but for a legitimate upstream project? I'm not sure the "security implications" are all that real.

(Sorry, my original post was snark, this reply isn't :-)