
Add hash verification to “curl | sh” - russjones
https://git.zx2c4.com/hashpipe/about/
======
LinuxBender
How will people know that the hash is trusted any more than the script they
are executing? Hash validation is mostly useful if you are comparing the hash
from a trusted source to a mirror or CDN object that may have been tampered
with.

Is the premise that I validate the script works as executed with a known hash,
then I link that same script to others, so it is really extending their trust
of me vs. the site with the bash script?

