this post was submitted on 05 Mar 2024
132 points (87.1% liked)

Open Source

31366 readers
142 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

Radicle: Open-Source, Peer-to-Peer, GitHub Alternative
https://radicle.xyz/
@opensource

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 55 points 8 months ago (1 children)

This doesn't pass the smell test.

  • Instructs to pipe the output of curl in sh
  • Assumes that sh is bash [^1]
  • "Community" behind it is apparently originating in Berlin, and is now a "nonprofit foundation in Switzerland", but has no publicly disclosed legal structure anymore.
  • "Community" behind it uses discord, but not revolt, matrix, simplex or others.
  • "Community" behind it uses twitter, but not mastodon.
  • Cryptobros.

[^1]: sh <(curl -sSf https://url.redacted/script)

[–] [email protected] 5 points 8 months ago (2 children)

Installing by piping from curl is pretty common and not a red flag in and of itself. Even Rust is installed this way. If you don't trust the URL, you also shouldn't trust any binary installers downloaded from that website.

[–] [email protected] 12 points 8 months ago

Installing by piping from curl is

Toxic. Speaking as someone who was security chief at an OS, what you meant to say was 'toxic'.

Given its insidious nature, though, 'venomous' may be a good alternate.