
You can say the same about the vast majority of distribution methods we have. There's no difference between `curl | sh` and executing a binary you download from the internet.


Checksums and signatures make it slightly better. At least you can go from OK to vulnerable by downloading the same thing as an hour ago. But if you upgrade then yeah.
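As an added example (not part of the thread or written by either commenter), this is one way to do the checksum step the comment above refers to: a shell function that runs a downloaded installer only if it matches a pinned SHA-256. The function names, return codes and the stand-in installer are constructed for illustration, and the sketch assumes the pinned digest was obtained separately from the download itself.

```shell
#!/bin/sh
# Added example: the fetch step is left out so this runs offline; in practice
# the file would be saved to disk first instead of being piped into sh.

sha256_of() {
    # Print the hex SHA-256 of file $1 using whichever tool is installed.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

verify_then_run() {
    # $1 = downloaded script, $2 = pinned hex digest (hypothetical interface)
    # Returns the script's exit code, 2 if the file is missing,
    # 3 if the digest does not match (nothing is executed in that case).
    src=$1; pinned=$2
    [ -f "$src" ] || return 2
    # Hash and execute a private copy, so the bytes that were checked
    # are the bytes that run even if $src is replaced in between.
    work=$(mktemp) || return 1
    cp "$src" "$work" || { rm -f "$work"; return 1; }
    if [ "$(sha256_of "$work")" != "$pinned" ]; then
        rm -f "$work"
        return 3
    fi
    run_rc=0
    sh "$work" || run_rc=$?
    rm -f "$work"
    return "$run_rc"
}

# Constructed demo: pin a local stand-in installer, then change its content.
demo=$(mktemp)
echo 'echo "installer ran"' > "$demo"
pin=$(sha256_of "$demo")
verify_then_run "$demo" "$pin"                        # digest matches, runs
echo 'echo "changed since pinning"' >> "$demo"
verify_then_run "$demo" "$pin" || echo "refused, exit code $?"
rm -f "$demo"
```

The pin catches content that changed after the digest was recorded; it says nothing about whether the pinned version itself was trustworthy, and an upgrade means accepting a new digest.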



