Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
-
@larsmb
--insecure is implicit in this mode, correct?@vyskocilm Snark aside, with "https" probably as (in)secure as getting the respective package from any community distribution.
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb But does it also leak to the server that you're using "--install" and not just try to download the file so that when you're trying to just download the malicious script the server can send you a version without the malware instead?
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb This should work fine with openclaw!! You are ahead of the time.
-
@larsmb You could then extend https://xkcd.com/1654/ with `curl --install "https://get${1}.dev/install.sh" &`
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb
I was shortly thinking that that is a chicken/egg situation if you want to install cURL via the `--install` option... 
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb better naming: "--submit" or "--infect"
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb This is much longer to type than |sh -
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb Bonus, it would stop people getting confused from typing `sudo curl $URL | sh -` instead of `curl $URL | sudo sh -`
...nope, still nope!
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb What could possibly go wrong?
-
@larsmb Also, curl should require sudo!
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb Or `curl --bash`
-
-
@larsmb But does it also leak to the server that you're using "--install" and not just try to download the file so that when you're trying to just download the malicious script the server can send you a version without the malware instead?
-
@larsmb
I was shortly thinking that that is a chicken/egg situation if you want to install cURL via the `--install` option... @larsmb @heiglandreas Let's just do a Microsoft, and ship every OS with something that isn't curl aliased as curl.
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb This is a plan without a flaw nor any possibility of error!
-
@pianosaurus @larsmb @agowa338
I think RFC 3514 "The Security Flag in the IPv4 Header" have place here.
-
@larsmb Also, curl should require sudo!
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb it should default to sudo to make things easy.
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb please make it check a malware filter before passing it to $shell
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
Not sure how "| sh" is any less secure than what people do 99.9% of the time anyway, which is download an installer or executable and not bother or validate it.
If you really want to change the world, work out an actually secure mechanism (tall order!) and have --install implement it. Not sure what that would look like: https requirement, maybe a database of known/vetted installations, a means to report issues. Very tall order.
