I created a little proof of concept last year to highlight some of the risks stoppip.ing
Comment on An Immich LXC came up on community script
ikidd@lemmy.world 3 days ago
Know what you’re running when you pipe to a bash script. Curl-bash pipes are a security mess.
ick@infosec.pub 2 days ago
corsicanguppy@lemmy.ca 2 days ago
Curl-bash pipes are a security mess.
Security mess? Red flag. Avoid.
Sanguine@lemmy.dbzer0.com 3 days ago
Good advice but ime these helper scripts are legit.
ikidd@lemmy.world 2 days ago
I’m pretty familiar with TTech’s legacy, I just mention it because if the repos ever got compromised, it could be a shitshow. IDK what security measures the new maintainers use to secure their access or check PRs, but I get nervous when it’s as popular as it is and such a good vector for complicated installations that are hard to check out. I also don’t know the new maintainers from Adam.
Personally, I’d use the scripts as a guide for DIY.
corsicanguppy@lemmy.ca 2 days ago
Let’s consider a moment the risk you’re subjecting people to, just with a recommendation based on the value of the things you secure without considering what they need to secure.
Sanguine@lemmy.dbzer0.com 2 days ago
I’m not subjecting anyone to anything. I acknowledged that this practice is risky; however, these scripts are maintained by a community of other nerds just like every other open source project you enjoy. If you’re going to use these, proceed with the same caution you would anything else on the internet, but in my experience they are safe.
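An added example, not part of the thread or of the community-scripts project: one way to act on the "know what you're running" advice is to download the script to a file, review it, record its SHA-256, and run later downloads only when they still match that hash. The function names are hypothetical, and the URL and pinned hash are supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example: fetch, verify against a reviewed hash, then run,
# instead of `curl ... | bash`. All function names are hypothetical.

# Print the SHA-256 of a file using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if the file's hash equals the hash recorded at review time.
# Returns 2 if the file cannot be read, 1 on a mismatch or an empty pin.
verify_pinned() {
    local file=$1 pinned=$2 actual
    [ -f "$file" ] || return 2
    actual=$(sha256_of "$file") || return 2
    [ -n "$pinned" ] && [ "$actual" = "$pinned" ]
}

# Download to disk (never straight into a shell) and run only a copy
# that matches the pin. Assumption: the caller reviewed the script once
# and passes the hash of that reviewed copy.
run_reviewed() {
    local url=$1 pinned=$2 tmp rc=0
    tmp=$(mktemp) || return 2
    # --fail aborts on HTTP errors; --proto/--proto-redir keep the
    # request and any redirects on HTTPS.
    if ! curl --fail --silent --show-error --location \
            --proto '=https' --proto-redir '=https' -o "$tmp" "$url"; then
        rm -f "$tmp"
        return 2
    fi
    if ! verify_pinned "$tmp" "$pinned"; then
        echo "hash mismatch: script differs from the reviewed copy, not running" >&2
        echo "saved for inspection: $tmp" >&2
        return 1
    fi
    bash "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

The pin only shows that the script is unchanged since it was reviewed; the review itself still has to be done by reading the downloaded file.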