With all the talk recently about making various forms of code safety national priorities, why in the world does any major compiler promoting built-in code safety features still think the official way to install it should be the anything-but-safe code delivery method curl-pipe-shell?


Even if I did trust you as much as I trust my OS package manager, I can't trust that it will always be the real you on the other end of my link to you, and it's possible for an attacker to trick curl into giving one script to less and another script to bash. web.archive.org/web/2024022819 Why set yourself up as a huge target like this?
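An added example, not part of the original posts: one way to close the gap described above is to fetch the installer once to a file, compare it against a digest obtained out of band, and execute the same on-disk bytes that were reviewed, so the reader and the shell cannot be served different scripts. The function names, the placeholder URL and the pinned digest are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Typical use, with a placeholder URL
# and a digest published through a separate, trusted channel:
#
#   curl --proto '=https' --tlsv1.2 -fsSLo install.sh https://example.invalid/install.sh
#   less install.sh                      # review the file that will actually run
#   run_pinned install.sh "$PINNED_SHA256"

# Print the SHA-256 of a file using whichever tool the system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 if the file cannot be read or hashed.
verify_installer() {
    file=$1
    expected=$2
    [ -f "$file" ] || return 2
    actual=$(sha256_of "$file") || return 2
    [ "$actual" = "$expected" ]
}

# run_pinned FILE EXPECTED_SHA256
# Executes the on-disk file only when its digest matches the pin, so the bytes
# that were inspected are the bytes that run. Nothing is streamed into a shell.
run_pinned() {
    if ! verify_installer "$1" "$2"; then
        echo "refusing to run $1: digest does not match the pinned value" >&2
        return 1
    fi
    sh "$1"
}
```

The pin only helps if it arrives over a channel the download server does not control, such as a signed release announcement or the OS package metadata.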
