
When did it become acceptable for the official installation method to be running a random script on your server?

No one should be running that without personally verifying each line. What if I want to uninstall it? (I haven’t looked at this script) but many don’t effectively clean up properly after uninstalling, as that’s an afterthought.

What is specifically wrong with the dozens of existing packaging solutions we already have?




It became acceptable along with containers, so that the very OS the script is working on is already isolated and disposable. You also mentioned dozens of packaging solutions. Which package manager should a single developer target first? Which package manager offers safety assurances enough that a customer wouldn't need to "personally verify each line" of the package manager's script?


> No one should be running that without personally verifying each line.

Ok, if you feel so strongly about it, then before you paste the link into your terminal and hit enter to execute it, how about you uh... open the shell script it will execute in your browser and read the contents of it?

You use this idea that people are executing stuff they don't know and blaming the tools for it but don't think to read the script yourself?


> Ok, if you feel so strongly about it, then before you paste the link into your terminal and hit enter to execute it, how about you uh... open the shell script it will execute in your browser and read the contents of it?

As an FYI - unless the script is on a site like GitHub (which you can assume to be behaving truthfully), it's possible for a server to respond differently according to the user agent, allowing a malicious file to be served if it's downloaded via `curl` or `wget`.

https://www.onsecurity.io/blog/careless-with-curl-dont-be/


As an FYI - The bash script downloads it and then runs bash on the file created on your local system, there's no way to determine if the user is downloading and piping directly into bash or if they're just downloading the file, so change the script before executing from

    wget -q https://get.coollabs.io/coolify/install.sh -O install.sh; sudo bash ./install.sh
to

    wget -q https://get.coollabs.io/coolify/install.sh -O install.sh; cat install.sh
Once the script is locally on your file system there is no way to change the contents.
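Added example, not part of the thread or of the project's installer: the download-then-read workflow from the comment above as a small bash helper that records the SHA-256 of the file `wget` actually saved and refuses to execute it if the bytes change after review. The function names and the `RUN_AS` variable are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Fetch once, review the local copy, then run only the bytes that were reviewed.
# Usage with the URL from the thread (hypothetical session):
#   digest=$(fetch_once https://get.coollabs.io/coolify/install.sh install.sh)
#   less install.sh                      # read the file wget saved, not a browser copy
#   RUN_AS=sudo run_reviewed install.sh "$digest"

# sha256_of FILE: print the hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1
    else
        shasum -a 256 "$1" | cut -d ' ' -f 1
    fi
}

# fetch_once URL OUT: download URL to OUT without executing it, print its digest.
# The digest describes what this client received, whatever a browser was served.
fetch_once() {
    wget -q "$1" -O "$2" || return 1
    sha256_of "$2"
}

# run_reviewed FILE DIGEST [ARGS...]: execute FILE with bash only if it still
# hashes to DIGEST, i.e. nothing replaced it between review and execution.
# Returns 3 on mismatch, otherwise the script's own exit status.
run_reviewed() {
    _file=$1
    _want=$2
    shift 2
    _got=$(sha256_of "$_file") || return 2
    if [ "$_got" != "$_want" ]; then
        echo "refusing to run $_file: digest $_got != reviewed $_want" >&2
        return 3
    fi
    # RUN_AS is an assumed optional prefix such as "sudo"; empty by default.
    ${RUN_AS:-} bash "$_file" "$@"
}
```
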


Yep. My response was specific to your comment of reading in browser which is not a guarantee of what's downloaded.


My apologies, I interpreted it as a "yeah but they can change it so you can't trust it!!!1!" response.


How is running a "random" script any different than running a "random" binary? With a script at least you CAN look at each line. With a binary you have no clue what the fuck it is doing.


Running random binaries is also a terrible idea. They should be packages that integrate with your local package manager, and which are signed by some entity that you've decided to trust.


And who would that be? Are you suggesting that you ONLY install software signed by developers you have personally verified the keys of? Or that you know personally? Because if not, your argument is void because you're trusting completely unknown people who may actively be working to compromise your computer.

The fact that the software was signed doesn't mean anything if you don't actually verify each signature, and even then it only means that what they put up is what you downloaded. It doesn't mean it's not malware. It doesn't mean it doesn't have a back door. It doesn't mean it's not filled with security holes.


You don't need to know people personally to trust a signature, you just need to know that the organizations they're coming from are at least somewhat reputable. Ideally, signatures should all chain up to the root of trust in your package manager, which is presumably operated by some entity that you've decided to place some trust in.


> No one should be running that without personally verifying each line.

Do you also verify each line of software you install? If you trust the author of certain software, why do you mistrust their install script?


It's not only the original author, don't forget, but it's any malicious actor that's managed to compromise that hosted script.

It should be viewed in the same way that a package author on NPM or PyPI may publish a malicious package, either themselves or via their account being compromised. It's not particularly common, but nor is it impossible and could present a good target.


> What is specifically wrong with the dozens of existing packaging solutions we already have?

Specifically? Specifically: they are even WORSE from a security standpoint because you don't have the option of "personally verifying each line". Just because someone's stuck it in a nice easy-to-install package doesn't mean it's not a virus / malware / whatever.

Are you suggesting that you read the source code of every app / tool you download before you execute it? If not, hello... pot. kettle?


Presumably for the same reason that ML models seem to self-download to god knows where instead of giving you a URL to a download link and telling you where to place the file?

Or those awful programs that give you a stub when you try to download the app, only to download the actual payload to, again, god-knows-where.

Or even worse, packaging your app in a docker container!

Seriously people, give a CURL-compatible URL to your actual payload and then get the hell out of the way


You shouldn't use the internet either, it's dangerous


Do you also verify each line of the software that the script is installing?



