Dev/curl bash pipe

From Whonix
< Dev

There are at least two user groups:

  • A) Users with the ability to security audit shell scripts: Users with the ability to review shell scripts (such as an installer shell script), can and might review shell scripts. These type of users do not need to be told:

    It's a curl bash pipe, for better security, you might want to 1) download the script, 2) review it in a text editor 3) make it executable if it looks sane 4) execute it".

    They already know that because that's a much more trivial skill than knowing how to audit shell scripts. Even a curl bash pipe is a type of shell script (though usually a rather short one) that people with review skills know how to review.
  • B) Users without the ability to security audit shell scripts: If a user does not have the ability to review a shell script, then there is no difference security wise for the user anyhow. If the user 1) downloads the script, 2) makes the script executable and 3) then executes the script has the same effect as running a curl bash pipe.

related: