Re: gcc 5 & 6 & others already out of date?
From: Willy Tarreau
Date: Fri Oct 14 2022 - 01:28:34 EST
On Fri, Oct 14, 2022 at 04:28:10AM +0000, David Laight wrote:
> From: Willy Tarreau
> > Sent: 13 October 2022 17:18
> ...
> > That's also the model where people routinely do:
> >
> > $ curl github.com/blah | sudo sh
>
> Anyone doing that wants their head examined....
Most of the time they have no clue what they're doing, they just
copy-paste installation instructions. You find hundreds of projects
documenting this as the installation procedure, often in the nodejs
world it seems, and the fist complaint in general is not that it's a
bad practise but that it doesn't work on Mac! Random examples from
google's first page:
https://gist.github.com/btm/6700524
https://github.com/rclone/rclone/issues/3922
https://gist.github.com/andrepg/71a15e915846acd41370e275eadb0478
https://github.com/shellspec/shellspec/blob/master/install.sh
This one looks like a trap, it searches from local vulnerabilities
and suggests to be installed like this:
https://github.com/carlospolop/PEASS-ng/blob/master/linPEAS/README.md
> I'm not sure I'd trust any source of files enough for that.
That's for a targetted audience.
> Maybe some things get run as root, and maybe they might
> do nasty things, but running random downloaded scripts
> is as bad as clicking on links in outlook.
Yes, or even despite a full end-to-end trust you still have the risk of
a truncated script, which you'd rather not face during rm -rf /tmp/blah.
Anyway we're getting out of topic here.
Willy