I created a little proof of concept last year to highlight some of the risks: stoppip.ing
Comment on An Immich LXC came up on community script
ikidd@lemmy.world 3 weeks ago
Know what you’re running when you pipe to a bash script. Curl-bash pipes are a security mess.
ick@infosec.pub 3 weeks ago
corsicanguppy@lemmy.ca 3 weeks ago
Curl-bash pipes are a security mess.
Security mess? Red flag. Avoid.
Sanguine@lemmy.dbzer0.com 3 weeks ago
Good advice but ime these helper scripts are legit.
ikidd@lemmy.world 3 weeks ago
I’m pretty familiar with TTech’s legacy, I just mention it because if the repos ever got compromised, it could be a shitshow. IDK what security measures the new maintainers use to secure their access or check PRs, but I get nervous when it’s as popular as it is and such a good vector for complicated installations that are hard to check out. I also don’t know the new maintainers from Adam.
Personally, I’d use the scripts as a guide for DIY.
corsicanguppy@lemmy.ca 3 weeks ago
Let’s consider a moment the risk you’re subjecting people to, just with a recommendation based on the value of the things you secure without considering what they need to secure.
Sanguine@lemmy.dbzer0.com 3 weeks ago
I’m not subjecting anyone to anything. I acknowledged that this practice is risky; however, these scripts are maintained by a community of other nerds just like every other open source project you enjoy. If you’re going to use these, proceed with the same caution you would anything else on the internet, but in my experience they are safe.