Agreed. Just point them to the repository. Cloning the repo and running the script is the barrier to entry here. If they can’t do that then reading it would do them no good.
Comment on Managing Proxmox VE via Terraform and GitOps
atzanteol@sh.itjust.works 2 days ago
Please do not normalize running scripts directly from websites.
Fuzzypyro@lemmy.world 1 day ago
joegarciar3a3294@lemmy.world 2 days ago
i agree. they should be run in a confined env first
atzanteol@sh.itjust.works 2 days ago
No - you shouldn’t be putting
bash $(curl …)into a post and telling people to run it at all. It’s bad and shouldn’t be normalized in any way. Take. It. Down.Fiery@lemmy.dbzer0.com 1 day ago
Especially dangerous because the script can change. So this stays up, gets indexed and put in the search results for people looking to do this… And then poof suddenly the script is an info stealer.
Might not even be the original poster doing this, maybe their account gets hacked and the link gets every so slightly edited.
Just bad practice.
Though I must admit I do use proxmox helper scripts… But at least that’s a somewhat trusted repo.
BlueBockser@programming.dev 1 day ago
As much as I agree, I think we’re past the point of preventing normalization.