
stackers coming to comment without verifying the post! 🕵🏼
The fruit of the tree of Million Sat Madness...
reply
Yes :(
learning real skills, having fun maybe even stacking friends, is worth way more than 1M sats...
reply
Gonna go crack open a book now! :)
reply
why not read my post and start testing 👀
reply
I'm a bit hesitant to run the installation script
https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh
Is there a way to verify its authenticity? 😂
Let's be real, I don't need to install it yet, but I'll be sure to follow the tutorial when I do.
reply
deleted by author
reply
111 sats \ 1 reply \ @ek 26 Mar 2024
There are multiple ways to verify the authenticity. Authenticity means here that we want to be sure this URL belongs to the homebrew devs that we already trust. [1]
Ideally, we use all ways as @Natalia mentioned in her post:
"ideally from independent sources, and from more sources, the more trusted."
a) Check out the Homebrew organization to which this URL belongs. Is this a legit org? Do they have many stars (which could be bought)? Much activity? No ticket or discussion that says "this is a scam"?
b) Visit the URL and read the code. No red flags like loading something from a totally different domain? (If you can't read code, learn how to read code.)
c) Verify it uses HTTPS. Probably the easiest way and one that people hopefully already do without thinking, so this is something you should ALWAYS do (assuming it's not already done by the software you use): just check if the URL starts with https://. This is important since TLS (HTTPS = HTTP + TLS) is not only about encryption (confidentiality) but also about integrity and authenticity, the "CIA triad":
Information security's primary focus is the balanced protection of data confidentiality, integrity, and availability (also known as the "CIA" triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity.
-- wikipedia.org, Information security

Footnotes

  1. Authentication basically means to verify you are who you say you are. Btw, even the HTTP spec got this wrong: it uses authorization for authentication.
ek is right, we can either trust it or manually check the script. But that already requires shell script knowledge. I've done some before, but I'm not 100% comfortable with it.
reply
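The manual checks from @ek's reply above (read the script, look for loads from a totally different domain, require https://), as an added example that is not part of any post in this thread. The allow-list, the sample script and the function names are assumptions made for illustration; the sample is constructed and is not the Homebrew installer.

```python
import re

# Assumption: hosts the reviewer has already decided to trust for this installer.
TRUSTED_HOSTS = {"raw.githubusercontent.com", "github.com"}
URL_RE = re.compile(r"""\b(https?)://[^\s"'<>)]+""", re.IGNORECASE)
# A download piped straight into an interpreter: code you never got to read.
PIPE_RE = re.compile(r"\b(curl|wget)\b[^|#]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")

# Constructed sample script, embedded so the audit runs offline.
SAMPLE = '''#!/bin/bash
# constructed sample, not the Homebrew installer
REPO="https://github.com/Example/tool"
curl -fsSL https://raw.githubusercontent.com/Example/tool/HEAD/lib.sh -o lib.sh
curl -fsSL http://github.com/Example/tool/archive/main.tar.gz -o main.tgz
curl -fsSL https://get.example.net/extra.sh | sh
wget -q "https://${MIRROR}/pkg.tgz"
git clone https://github.com@evil.example/tool.git
'''

def host_is_trusted(host, trusted=TRUSTED_HOSTS):
    """True for an allow-listed host or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in trusted)

def audit_script(text, trusted=TRUSTED_HOSTS):
    """Return (line_no, reason, detail) findings for a shell script's text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        code = line.strip()
        if code.startswith("#"):              # skip full-line comments
            continue
        for m in URL_RE.finditer(code):
            url = m.group(0)
            netloc = url.split("/", 3)[2]     # text between '//' and next '/'
            # Drop any 'user@' prefix and ':port' so the real host is compared.
            host = netloc.rpartition("@")[2].split(":")[0]
            if m.group(1).lower() == "http":
                findings.append((no, "plain-http", url))
            if "$" in netloc:                 # host built from a shell variable
                findings.append((no, "dynamic-host", url))
            elif not host_is_trusted(host, trusted):
                findings.append((no, "untrusted-host", url))
        if PIPE_RE.search(code):
            findings.append((no, "pipe-to-shell", code))
    return findings

if __name__ == "__main__":
    for finding in audit_script(SAMPLE):
        print(finding)
```

A clean result only narrows what needs reading by hand; it does not replace reading the script.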
isn't SN the perfect place to ask and learn? 👀👀👀
reply
The perfect place might not be here; there should be a specific forum for this topic, but I have no doubt that there must be someone here with solid knowledge in shell scripting.
reply
"there should be a specific forum for this topic"
What kind of forum? What is SN missing that it isn't this forum for you?
"but I have no doubt that there must be someone here with solid knowledge in shell scripting"