undefined | Better HN

0 pointsgnulinux7y ago0 comments

That command makes my eyes twitch. This sort of "download random stuff from internet, then pipe them to ruby/perl/python" madness should end, like right now. I'm assuming you're a reasonable person who knows what that commands does. Can you really not see how people can misuse commands like this to execute arbitrary code on people's computers, even experienced engineers if they carelessly copy-paste code like this. As a rule of thumb, to whoever reading this, please don't trust random strangers online and run their code. You never know. Always download code from trusted sources and check sha hashes. Piping anything else to ruby/perl/python is playing with fire.

0 comments

shpx7y ago

That command curls a ruby file from the Homebrew repository on Github. If that Github repo (or Github) is compromised, then no matter how you installed homebrew, you are going to get hacked the next time you run `brew update`, which by default is run on every `brew install`.

For me, the odds of that repo being compromised for long enough are outweighed by the convenience. This has been brought up on HN before and I'm not convinced.

aaaaaaaaaab7y ago

Would you notice if that URL was “raw.githubusercontent.someotherdomain.com” instead of “raw.githubusercontent.com”?

I’m pretty sure at least 50% would merrily copy & paste it in their shell.

nomel7y ago

Alternatively, follow the homebrew installation instructions: https://docs.brew.sh/Installation

j / k navigate · click thread line to collapse