Hacker News new | past | comments | ask | show | jobs | submit login

I've never ran curl | bash once and I use linux fairly regularly in the past 20 years. If I absolutely have to install something where the only way is to pipe a curl to bash (which is incredibly rare), I first download the script, review it and only then execute it. Doing curl | bash is absolutely not security best practice.



But realistically what those scripts do is always download and run even more code, and you probably aren't reviewing that.


Yup, it's why if I run this, it's really the last resort and I most likely will run it in an isolated container.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: