Cygwin-wnpp#20050831T2001 ITP: bzr -- Next-generation distributed GNU Arch compatible version control (Python)

Jari Aalto
Thu Sep 1 17:44:00 GMT 2005

"Dave Korn" <dave.korn-RQamRl9Jd2/> writes:

| ----Original Message----
| >From: Jari Aalto
| >Sent: 31 August 2005 21:15
| > B) or do this (preferred)
| > mkdir bzr ; cd bzr
| > wget -q -O - | sh
| Um, from a security point of view, that's one of the most appalling things
| I've ever seen suggested in my life.  Literally.  Pipe the content of some
| random file on some random internet host straight into a shell without even
| looking at it first?  Not on your life! 

Just to help "copy'n paste && quick downloaders".
But downloads need not be random. It's same as:

$ mkdir bzr ; cd bzr
$ wget -q 
$ less   #  ... inspect in detail
$ sh

There are various options how to do the download. 

You gave an idea - I'll sign the downloads scripts next time. The key
can be obtained from keyservers.

| I appreciate that you may feel your site is secure and nobody could
| possibly tamper with the file and nothing could go wrong, but that
| is still a highly risky way to distribute software.

There is also whois(1) etc. if in doubt. Running any program is risk, 
including Cygwin install scripts :-)


More information about the Cygwin-apps mailing list