It is also terrible conditioning to pipe stuff to bash because it’s the equivalent of “just execute this .exe, bro”. Sure, right now it’s github, but there are other curl|bash installs that happen on other websites.
Additionally a tar allows one to install a program later with no network access to allow reproducible builds. curl|bash is not repoducible.
But…“just execute this .exe, bro” is generally the alternative to pipe-to-Bash. Have you personally compiled the majority of software running on your devices?
I would encourage you to read up on the issue before thinking they haven’t.
Here is the most sophisticated exploit: Detecting the use of “curl | bash” server side.
It is also terrible conditioning to pipe stuff to bash because it’s the equivalent of “just execute this
.exe, bro”. Sure, right now it’s github, but there are other curl|bash installs that happen on other websites.Additionally a tar allows one to install a program later with no network access to allow reproducible builds. curl|bash is not repoducible.
Anti Commercial-AI license
But…“just execute this
.exe, bro” is generally the alternative to pipe-to-Bash. Have you personally compiled the majority of software running on your devices?