undefined | Better HN

0 pointskylemaxwell13y ago0 comments

This seems like such a bad idea... certs exist in repos for very good reasons.

0 comments

Sure, but if you're simply downloading a shell script (whose source code you can see) from github (a site you can trust), I don't see the issue.

Firehed13y ago

If it can't validate the cert, it could be the sign of a MITM attack. Likely? No, but I wouldn't take content with cert issues and run it as root. At least not without validating it in some other way.

hardik98813y ago

You're right. It very well could be a MITM attack. But I guess you could see the source code for yourself after you've downloaded it right?

Anyhow, I agree that using --no-check-certificate is usually a bad idea.

j / k navigate · click thread line to collapse

0 comments

hardik98813y ago

Sure, but if you're simply downloading a shell script (whose source code you can see) from github (a site you can trust), I don't see the issue.

Firehed13y ago

hardik98813y ago

You're right. It very well could be a MITM attack. But I guess you could see the source code for yourself after you've downloaded it right?

Anyhow, I agree that using --no-check-certificate is usually a bad idea.

j / k navigate · click thread line to collapse