undefined | Better HN

0 pointsthombles5y ago0 comments

Not sure if serious, but I will point out this is significantly different. If I'm installing an application like homebrew or the Rust toolchain then I am explicitly giving them the right to code execution. It doesn't much matter whether they get it through the script on their website or the binaries downloaded from that website.

Random libraries, possibly pulled in by a dependency of a dependency of a dependency... not so much.

0 comments

hda25y ago

I know this is besides the point, but rust can be installed - without piping the output of a public-facing server into a privileged shell - by using their offline installer: https://forge.rust-lang.org/infra/other-installation-methods...

They offer PGP signatures too!

j / k navigate · click thread line to collapse

0 pointsthombles5y ago0 comments

Random libraries, possibly pulled in by a dependency of a dependency of a dependency... not so much.

0 comments

hda25y ago

They offer PGP signatures too!

j / k navigate · click thread line to collapse