Created
October 29, 2014 16:54
-
-
Save evanphx/358c1627b69f7a33fca6 to your computer and use it in GitHub Desktop.
Tachyon installer with hash verification
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl http://tachyon.vektra.io/install.sh > it.sh && test $(openssl sha1 < it.sh) = "23fb0450b152dfaa8331dd37c3a4c13d4de9dbb8" && bash it.sh |
where does the hash come from? How are users expected to get it? If the answer is "copy and paste this from a page secured by https" then this doesn't add anything as anyone able to attack the https:// URL in the curl download can attack the page that they used to get the hash.
@dstufft Where does the source of any trust system come from? There's a huge difference between "this isn't fully solved" and "this solution is vastly superior to the prior solution". Security is layers! Be chill. Have a hug! :)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Very nice! Good idea @jordansissel!