I can’t believe software developers are still trying to get people to do curl | sh
. It’s easy to miss the problem if you’re still in the mindset of Windows software distribution, but these people are writing software on GNU/Linux, for GNU/Linux. You would think they’d realize that this is never a good idea.
FWOW I don’t think I’ve ever once run such a shell pipeline in my life. who da fuq knows wtf that thing is even doing 🤣
@mckinley@twtxt.net Yep, so wrong on so many levels.
@movq@www.uninformativ.de I just don’t want to run such crapware. Browser, mail client and video player aside, I think I don’t do too bad on that regard with my private stuff. Yeah, definitely ignoring the situation at the dayjob.
@prologic@twtxt.net Only for Rust. Otherwise I stay away from that for sure.
@movq@www.uninformativ.de It’s possible for a Web server to detect whether or not you’re piping the output into a shell and change its output based on that, which makes curl | sh
so much worse in my opinion.
@movq@www.uninformativ.de Maybe it’s just a cargo cult thing (pun intended) because it’s somehow an accepted way to install a piece of software.