Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
-
@larsmb Also, curl should require sudo!
@tux0r You mean "--install --force"? Yes.
-
I am uncertain if that's the patch I want to be known for though.
But I have set a reminder for in 32 days.
@larsmb You could then extend https://xkcd.com/1654/ with `curl --install "https://get${1}.dev/install.sh" &`
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb
--insecure is implicit in this mode, correct? -
@larsmb
--insecure is implicit in this mode, correct?@vyskocilm Snark aside, with "https" probably as (in)secure as getting the respective package from any community distribution.
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb But does it also leak to the server that you're using "--install" and not just try to download the file so that when you're trying to just download the malicious script the server can send you a version without the malware instead?
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb This should work fine with openclaw!! You are ahead of the time.
-
@larsmb You could then extend https://xkcd.com/1654/ with `curl --install "https://get${1}.dev/install.sh" &`
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb
I was shortly thinking that that is a chicken/egg situation if you want to install cURL via the `--install` option... 
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb better naming: "--submit" or "--infect"
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb This is much longer to type than |sh -
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb Bonus, it would stop people getting confused from typing `sudo curl $URL | sh -` instead of `curl $URL | sudo sh -`
...nope, still nope!
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb What could possibly go wrong?
-
@larsmb Also, curl should require sudo!
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb Or `curl --bash`
-
-
@larsmb But does it also leak to the server that you're using "--install" and not just try to download the file so that when you're trying to just download the malicious script the server can send you a version without the malware instead?
-
@larsmb
I was shortly thinking that that is a chicken/egg situation if you want to install cURL via the `--install` option... @larsmb @heiglandreas Let's just do a Microsoft, and ship every OS with something that isn't curl aliased as curl.
-
Hot take: If we added a "--install" option to #curl, we could optimize many a "| sh -" pipeline away.
Finally a truly universal installer.
@larsmb This is a plan without a flaw nor any possibility of error!
-
@pianosaurus @larsmb @agowa338
I think RFC 3514 "The Security Flag in the IPv4 Header" have place here.
-
@larsmb Also, curl should require sudo!
