
A system for signed installers to replace curl | sh - matt2000
https://github.com/ellotheth/pipethis
======
gemma
Author here, just noticed this submission. Happy to answer any questions. (You
may also be interested in the discussions on Proggit[0] and /r/golang[1].)

[0]
[https://www.reddit.com/r/programming/comments/426zsv/pipethi...](https://www.reddit.com/r/programming/comments/426zsv/pipethis_stop_piping_the_internet_into_your_shell/)

[1]
[https://www.reddit.com/r/golang/comments/4261he/pipethis_sto...](https://www.reddit.com/r/golang/comments/4261he/pipethis_stop_piping_the_internet_into_your_shell/)

------
smt88
This seems to make downloading scripts safer when encryption isn't supported
by the server. Is that true, or am I way off base?

(For those reading who are incredulous that a reasonable person would ask you
to download an installation script over unencrypted HTTP, you are right to be
incredulous. Even some large-ish companies do it. It's insane.)

~~~
gemma
Yup. It adds an extra identity verification layer, whether your script is
served over SSL or not.

