Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/geofft/statuses/112490534259602546">Geoffrey Thomas (geofft@mastodon.social)'s status on Friday, 24-May-2024 04:28:22 JST</a><a href="https://mastodon.social/@geofft" title="geofft@mastodon.social"><img src="https://gnusocial.jp/avatar/252612-48-20240329230048.webp" width="48" height="48" alt="Geoffrey Thomas" style="position: absolute; left: 0; top: 0;">Geoffrey Thomas</a><div><a href="https://mastodon.social/@geofft/112490510355032704" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/221374" title="theartlav@hachyderm.io">Lona Theartlav</a></li></ul></div></section><article><p><a href="https://hachyderm.io/@dalias">@dalias</a> <a href="https://social.treehouse.systems/@marcan">@marcan</a> <a href="https://hachyderm.io/@theartlav">@theartlav</a> One argument in favor of curl|bash: all realistic alternatives - third-party rpm/deb/etc., pip install, building from source, etc. - are just as capable of running arbitrary code but they _look_ less dangerous. curl|bash is honest about its risk and makes people think whether they trust the source.</p><p>If a project can use a sandboxed app store or run on a web page, that's meaningfully better, but almost no project considering curl|bash can do that.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3134162#notice-6205872">In conversation</a><time datetime="2024-05-24T04:28:22+09:00" title="Friday, 24-May-2024 04:28:22 JST">about 6 months ago</time> <span>from <span><a href="https://mastodon.social/@geofft/112490534259602546" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@geofft/112490534259602546">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Geoffrey Thomas (geofft@mastodon.social)'s status on Friday, 24-May-2024 04:28:22 JSTGeoffrey Thomas
in reply to
- Rich Felker
- Lona Theartlav
@dalias @marcan @theartlav One argument in favor of curl|bash: all realistic alternatives - third-party rpm/deb/etc., pip install, building from source, etc. - are just as capable of running arbitrary code but they _look_ less dangerous. curl|bash is honest about its risk and makes people think whether they trust the source.
If a project can use a sandboxed app store or run on a web page, that's meaningfully better, but almost no project considering curl|bash can do that.
In conversationabout 6 months ago from mastodon.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice