
A binary that you download could be obfuscated to make it hard to audit. A site could offer different binaries to different people, locations, times of day, user agents, etc. That's not really a realistic risk.


It's not so much script vs binary, but once everybody downloads a file they can compare them to make sure they're getting the same file.


You can download the script using curl and then inspect it and run it if you really want?


And then we get to what I was trying to state in my original post.

I don't have a strong opinion that it's good or bad practice, I just thought it was a clever thing to do about it.

Edit: I think I was thinking of https://news.ycombinator.com/item?id=17636032 / https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-b.... Wow, it's been a while.
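
The workflow discussed in the comments above (download the script to a file, compare it against a hash that others can also check, then run it), as an added example that is not part of the thread. The function names are hypothetical, and the URL and pinned hash in the usage comment are placeholders.

```bash
# Added example: fetch an installer to disk, check it against a pinned SHA-256,
# and only then execute it. Function names are illustrative, not from the thread.

# Print the SHA-256 of a file as lowercase hex (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_script FILE EXPECTED_SHA256
# Returns 0 only when FILE exists and its hash equals the pinned value.
verify_script() {
    local file="$1" expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch: got $actual, pinned $expected" >&2
        return 1
    fi
}

# fetch_verify_run URL EXPECTED_SHA256 [ARGS...]
# The whole body is written to a temp file before anything runs, so the bytes
# that were hashed (and that you can read first) are the bytes bash executes.
fetch_verify_run() {
    local url="$1" expected="$2" tmp rc
    shift 2
    tmp=$(mktemp) || return 3
    if curl --fail --silent --show-error --location --proto '=https' \
            --output "$tmp" "$url" && verify_script "$tmp" "$expected"; then
        bash "$tmp" "$@"; rc=$?
    else
        rc=1   # download failed or hash did not match: nothing was executed
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (placeholder values):
#   fetch_verify_run "https://example.invalid/install.sh" "<pinned sha256 hex>"
```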



