• samwise@beehaw.org
    link
    fedilink
    arrow-up
    36
    ·
    4 months ago

    Might be neat. Might check it out. But devs really need to stop asking me to install things by curling a script and piping it into my shell. There are better ways to do this. Doing this leaves a massive possible attack surface.

    • shaked_coffee@feddit.it
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      4 months ago

      Agree. Not at all a security expert here, but maybe doing it inside a distrobox could be a temporary fix?

      Forget it, I just tried and it seems it gets installed in your home directory so using distrobox doesn’t change anything (apparently, but as I said I’m not an expert so feel free to correct me if I’m wrong).

      However, I’ve seen they also have it available through a bunch of package managers like nix, arch and Fedora