Skribent: John Morris Dato: Til: dng Emne: Re: [DNG] Pi hole
On Sat, 2016-05-21 at 16:43 +0200, Adam Borowski wrote:
> Yay curl|bash. I'd say recommending such a command as their
> installation
> method means their view on security is so bad that no one should
> touch them
> with a $LENGTH pole.
At least as safe as a package, both are taking executable content from
a source you don't implicitly trust and running it as root. (The
install video shows a normal user but it assumes that user can run
sudo. Look at the source.) Now if it were a http url there would at
least be an argument about Man in the Middle threat, but it is an
https. All they are doing is making a single cut/paste job to install
instead of a list of command most newbs will screw up and then flood
the forums about.