Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

There is no threat model that doesn't also apply to pretty much every other distribution method.

It's just people who have internalized "don't paste commands from the Internet into your terminal" and aren't thinking about exactly what makes pasting commands from the Internet into your terminal dangerous, and how that applies to this specific case.



Compromised web server, since they don't tend be as secure. Signed packages are safer as signing keys are generally more secured than web servers.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: