If attacker can modify the shell script, they can modify checksums in the script.
But still that sounds like `curl && sh` is *safer* than downloading the payload directly, because the script can add an integrity check, which users may not do themselves.
HTTPS would notice attack on your DNS (and without transport security you're totally screwed no matter what you download from where).
elementary OS comes with a carefully considered set of apps that cater to every day needs so you can spend more time using your computer and less time cleaning up bloat. Looking for more? Just open AppCenter to choose from tons of pay-what-you-want apps. https://buff.ly/2JwoJtS
Good morning, everyone! I've put up another call for contributions for #entropic: https://discourse.entropic.dev/t/looking-for-help-rust-port-of-http-cache-semantics/258
This one is a particularly nice way for JS devs to get into Rust, since it involves porting an existing JS module! It also has the potential to be widely-used by Rust folks!
Hey #macOS devs, please try the newest Sparkle pre-release: https://github.com/sparkle-project/Sparkle/releases
I'm considering trying #Catalina, especially that I need to ensure Sparkle and ImageOptim are compatible, but since the OS changes partitions, I suspect it's a high risk one-way-only install.
5? 8? I'm confused. #ux
"Privacy Anti-Patterns in Standards | W3C Blog" https://www.w3.org/blog/2019/06/privacy-anti-patterns-in-standards/
Interesting points. I've definitely seen these kinds of discussions in standards meetings.