Hector Martin on Nostr: Just had another argument about curl|sh, so I'm going to say this top level for ...
Just had another argument about curl|sh, so I'm going to say this top level for future reference.
The way we use curl|sh is as secure, or more secure, than traditional distro distribution mechanisms (e.g. ISO images with hashes or PGP signatures) for 99.9% of users. If you think otherwise, you don't understand the threat models involved, and you're wrong.
If you are in the 0.1% that actually cross-references PGP keys against multiple sources, exchanges keys in person, and that kind of thing, then you could indeed actually benefit from a more secure distribution mechanism. You're also, unfortunately, not a significant enough fraction of our user base for us to spend time catering to your increased security demands, that we could instead be spending improving security for everyone (such as by working on SEP support for hardware-backed crypto operations, or figuring out how to actually offer FDE reasonably in our installer).
And if you're not, but curl|sh still gives you the ick even though you have no solid arguments against it (you don't, trust me, none of you do, I've had this argument too many times already), that's a you problem.
Published at
2024-05-23 10:39:26