undefined | Better HN

0 pointsrsy9610y ago0 comments

Not because he is suggesting curl. But because he is suggesting curling without TLS.

0 comments

3 comments · 1 top-level

Ao7bei3s10y ago· 2 in thread

TLS wouldn't help; the greatest risk is the author himself sending a malicious script (no offense, Sergii).

So everyone needs to check the script before running it anyway. Which is easy, because it's a very short script.

(Of course, it's so short that it might as well have been an alias or, even better, just a copy-pasteable git command, but I guess the author really wanted to call it 'git punish'.)

greggman10y ago

How is this any different than any app/executable/script period? When you download VLC did you read all the code to check it's not installing a root kit? When you added some python lib do you go through all the code and make sure that on the 20th run it doesn't upload your private ssh keys? Have you checked all the vim or emacs code in your latest download before running it? Maybe I'm missing the issue but they all seem about the same level of bad.

Am I missing something?

Ao7bei3s10y ago

No, what you're saying is exactly my point: there's nothing wrong here.

j / k navigate · click thread line to collapse