Re: `curl | sh` (was Re: [ann] Blog post on Luvit without Luvit)

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: `curl | sh` (was Re: [ann] Blog post on Luvit without Luvit)
From: "Soni L." <fakedme@...>
Date: Fri, 6 May 2016 20:03:56 -0300



On 06/05/16 07:01 PM, Rena wrote:

On Fri, May 6, 2016 at 4:18 PM, Tim Caswell <tim@creationix.com<mailto:tim@creationix.com>> wrote:


    Also it does appear that people feel more comfortable downloading
    a binary (I can add hash sums on the website if people bother to
    verify).


From best to worst:

* Downloading source with hashes
* Downloading source with no hashes
* Downloading a binary with hashes
* Downloading a binary with no hashes
* Piping from the web directly into a shell

* Piping from the web directly into a root shell


A binary is still pretty difficult to read.


--
Disclaimer: these emails may be made public at any given time, with or without reason. If you don't agree with this, DO NOT REPLY.

References:
- Re: [ann] Blog post on Luvit without Luvit, Tim Caswell
- Re: [ann] Blog post on Luvit without Luvit, Peter Aronoff
- Re: [ann] Blog post on Luvit without Luvit, Tim Caswell
- `curl | sh` (was Re: [ann] Blog post on Luvit without Luvit), Peter Aronoff
- Re: `curl | sh` (was Re: [ann] Blog post on Luvit without Luvit), Jonathan Goble
- Re: `curl | sh` (was Re: [ann] Blog post on Luvit without Luvit), Tim Caswell
- Re: `curl | sh` (was Re: [ann] Blog post on Luvit without Luvit), Rena

Prev by Date: Re: `curl | sh` (was Re: [ann] Blog post on Luvit without Luvit)
Next by Date: Re: [ANN] Lua 5.3.3 (rc1) now available
Previous by thread: Re: `curl | sh` (was Re: [ann] Blog post on Luvit without Luvit)
Next by thread: Lua compilation bug
Index(es):
- Date
- Thread