Web lists-archives.com

Re: Bug#859199: ITP: dh-curl-sudo-bash -- debhelper tools for automated non-packaging




On Sun, Apr 02, 2017 at 08:27:17AM +0300, Dmitry Bogatov wrote:
> [2017-03-31 15:48] Adam Borowski <kilobyte@xxxxxxxxxx>
> > On Sat, Apr 01, 2017 at 12:00:35AM +1100, Stuart Prescott wrote:
> > > * Package name    : dh-curl-sudo-bash
> > > * URL             : http://deb.li/U67E
> > >   Description     : debhelper tools for automated non-packaging
> > >
> > >
> > >     "curl http://example.com/setup.sh | sudo bash -"
> > 
> > I think you should also convert all https URLs to http, to make sure the
> > download works over restrictive firewalls and when the user's connection is
> > poorly MitMed.  It would also avoid unexpected FTBFS when a certificate
> > expires.
> 
> Wait a minute. Is it a joke? Are we going to provide tools to download
> code over HTTP and execute it?

And even execute it with root privilges.

Awareness is never a joke.


echo ZWNobyAiWW91J3ZlIGJlZW4gQXByaWwgRm9vbGVkISIK | base64 -d