Cygwin-wnpp#20050831T2001 ITP: bzr -- Next-generation distributed GNU Arch compatible version control (Python)
Jari Aalto
jari.aalto@cante.net
Thu Sep 1 17:44:00 GMT 2005
"Dave Korn" <dave.korn-RQamRl9Jd2/QT0dZR+AlfA@public.gmane.org> writes:
| ----Original Message----
|
| >From: Jari Aalto
| >Sent: 31 August 2005 21:15
|
| > B) or do this (preferred)
| > mkdir bzr ; cd bzr
| > wget -q -O - http://cygwin.cante.net/bzr/get.sh | sh
|
|
| Um, from a security point of view, that's one of the most appalling things
| I've ever seen suggested in my life. Literally. Pipe the content of some
| random file on some random internet host straight into a shell without even
| looking at it first? Not on your life!
Just to help "copy'n paste && quick downloaders".
But downloads need not be random. It's same as:
$ mkdir bzr ; cd bzr
$ wget -q http://cygwin.cante.net/bzr/get.sh
$ less get.sh # ... inspect in detail
$ sh get.sh
There are various options how to do the download.
You gave an idea - I'll sign the downloads scripts next time. The key
can be obtained from keyservers.
| I appreciate that you may feel your site is secure and nobody could
| possibly tamper with the file and nothing could go wrong, but that
| is still a highly risky way to distribute software.
There is also whois(1) etc. if in doubt. Running any program is risk,
including Cygwin install scripts :-)
Jari
More information about the Cygwin-apps
mailing list