piping random scripts from the internet into bash is the worst way of installing things. imagine if there was an operating system where this was the main way of installing things, and people just googled the program name, clicked the first link, and ran an executable file with admin permissions. imagine that
@lynnesbian "curl | sudo bash" is a bad idea even if you inspected the script before because it is possible for a web server to detect this and only send you malicious code in that case, serving harmless code otherwise if you download the file to inspect it before running it: https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/
Of course that doesn't make running obfuscated binary executables without any signatures from random web servers any more reasonable either.
@silentium that is a very interesting attack vector
i would still assume that there's pretty much nobody using this, whereas windows installers that turn out to be viruses are more common than that
@lynnesbian You are probably right, but it is still a bad idea for project websites to propagate this as their primary way of installing their software. It leads to people getting used to this behaviour and be careless with other "curl | bash" instructions in the future as well.
@silentium yeah i agree, curl | bash is a pretty bad idea
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!