As much as I agree, I think we’re past the point of preventing normalization.
Comment on Managing Proxmox VE via Terraform and GitOps
atzanteol@sh.itjust.works 3 weeks ago
Please do not normalize running scripts directly from websites.
BlueBockser@programming.dev 3 weeks ago
Fuzzypyro@lemmy.world 3 weeks ago
Agreed. Just point them to the repository. Cloning the repo and running the script is the barrier to entry here. If they can’t do that then reading it would do them no good.
joegarciar3a3294@lemmy.world 3 weeks ago
i agree. they should be run in a confined env first
atzanteol@sh.itjust.works 3 weeks ago
No - you shouldn’t be putting
bash $(curl …)into a post and telling people to run it at all. It’s bad and shouldn’t be normalized in any way. Take. It. Down.Fiery@lemmy.dbzer0.com 3 weeks ago
Especially dangerous because the script can change. So this stays up, gets indexed and put in the search results for people looking to do this… And then poof suddenly the script is an info stealer.
Might not even be the original poster doing this, maybe their account gets hacked and the link gets every so slightly edited.
Just bad practice.
Though I must admit I do use proxmox helper scripts… But at least that’s a somewhat trusted repo.
MysteriousSophon21@lemmy.world 3 weeks ago
100% this - at the very least do a
curl URL | lessto inspect the script before piping it to bash, or better yet download it, review it thoroghly, then run it locally.