Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/geofft/statuses/112490510355032704">Geoffrey Thomas (geofft@mastodon.social)'s status on Friday, 24-May-2024 04:22:29 JST</a><a href="https://mastodon.social/@geofft" title="geofft@mastodon.social"><img src="https://gnusocial.jp/avatar/252612-48-20240329230048.webp" width="48" height="48" alt="Geoffrey Thomas" style="position: absolute; left: 0; top: 0;">Geoffrey Thomas</a><div><a href="https://hachyderm.io/@dalias/112490181632752240" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/221374" title="theartlav@hachyderm.io">Lona Theartlav</a></li></ul></div></section><article><p><a href="https://hachyderm.io/@dalias">@dalias</a> <a href="https://social.treehouse.systems/@marcan">@marcan</a> <a href="https://hachyderm.io/@theartlav">@theartlav</a> But there is no such rule! Plenty of projects that are _not_ security clowncars recommend curl|bash for thoughtful reasons. Plenty of projects that are security clowncars ship source tarballs with unreproducible ./configure scripts.</p><p>There is a _perception_ that it's bad, yes. I think a respected project using curl|bash is just as likely to to rehabilitate curl|bash and fix that perception, especially if (as here, as Sandstorm did, etc.) they write about why it's okay.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3134162#notice-6205823">In conversation</a><time datetime="2024-05-24T04:22:29+09:00" title="Friday, 24-May-2024 04:22:29 JST">about 6 months ago</time> <span>from <span><a href="https://mastodon.social/@geofft/112490510355032704" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@geofft/112490510355032704">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Geoffrey Thomas (geofft@mastodon.social)'s status on Friday, 24-May-2024 04:22:29 JSTGeoffrey Thomas
in reply to
- Rich Felker
- Lona Theartlav
@dalias @marcan @theartlav But there is no such rule! Plenty of projects that are _not_ security clowncars recommend curl|bash for thoughtful reasons. Plenty of projects that are security clowncars ship source tarballs with unreproducible ./configure scripts.
There is a _perception_ that it's bad, yes. I think a respected project using curl|bash is just as likely to to rehabilitate curl|bash and fix that perception, especially if (as here, as Sandstorm did, etc.) they write about why it's okay.
In conversationabout 6 months ago from mastodon.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice