This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: Cygwin-wnpp#20050831T2001 ITP: bzr -- Next-generation distributed GNU Arch compatible version control (Python)


----Original Message----
>From: Jari Aalto
>Sent: 31 August 2005 21:15

> B) or do this (preferred)
> mkdir bzr ; cd bzr
> wget -q -O - http://cygwin.cante.net/bzr/get.sh | sh


  Um, from a security point of view, that's one of the most appalling things
I've ever seen suggested in my life.  Literally.  Pipe the content of some
random file on some random internet host straight into a shell without even
looking at it first?  Not on your life!  I appreciate that you may feel your
site is secure and nobody could possibly tamper with the file and nothing
could go wrong, but that is still a highly risky way to distribute software.

  And besides, how do _we_ know you can be trusted ? :-O
http://cante.net/~jaalto/ just says "test page" and that was an unsigned
email and I don't have your public key anyway.  How do we even know you
_are_ Jari Aalto ?!


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]