- cross-posted to:
- linux@programming.dev
- linux@lemmy.ml
- cross-posted to:
- linux@programming.dev
- linux@lemmy.ml
cross-posted from: https://jlai.lu/post/8476122
Zed on Linux is out!
cross-posted from: https://jlai.lu/post/8476122
Zed on Linux is out!
Might be neat. Might check it out. But devs really need to stop asking me to install things by curling a script and piping it into my shell. There are better ways to do this. Doing this leaves a massive possible attack surface.
No matter how they package it, running a binary downloaded from Internet has the same attack surface
You are right, except for one detail. Package managers almost always validate the packages using digital signatures, to avoid man-in-the-middle attacks. You don’t need to trust the network anymore. Shell scripts piped to a shell don’t have that protection. You still have to trust the developers and maintainers, though.
Shell scripts have md5 signatures