pull down to refresh

Is there a way to verify its authenticity ? 😂
@ek mentioned this point to me before, but it seems " trust cannot be eliminated, only minimized. "
111 sats \ 1 reply \ @ek 26 Mar
There are multiple ways to verify the authenticity. Authenticity means here that we want to be sure this URL belongs to the homebrew devs that we already trust.1
Ideally, we use all ways as @Natalia mentioned in her post:
ideally from independent sources, and from more sources, the more trusted.
a) check out the Homebrew organization to which this URL belongs to. Is this a legit org? Do they have many stars (which could be bought)? Much activity? No ticket or discussion that says "this is a scam"?
b) Visit the URL and read the code. No red flags like loading something from a totally different domain? (If you can't read code, learn how to read code.)
c) Verify it uses HTTPS. Probably the easiest way and one that people hopefully already do without thinking, so this is something you should ALWAYS do (assuming it's not already done by the software you use): just check if the URL starts with https://. This is important since TLS (HTTPS = HTTP + TLS) is not only about encryption (confidentiality) but also about integrity and authenticity, the "CIA triad":
Information security's primary focus is the balanced protection of data confidentiality, integrity, and availability (also known as the "CIA" triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity.
-- wikipedia.org, Information security

Footnotes

  1. Authentication basically means to verify you are who you say you are. Btw, even the HTTP spec got this wrong: it uses authorization for authentication. ↩
ek is right, we can either trust it or manually check the script. But that already requires shell script knowledge. I've done some before, but I'm not 100% comfortable with it.
reply
isn't SN the perfect place to ask and learn? 👀👀👀
reply
The perfect place might not be here, there should be a specific forum for this topic, but I have no doubt that there must be someone here with solid knowledge in shell scripting
reply
there should be a specific forum for this topic
What kind of forum? What is SN missing that it isn't this forum for you?
but I have no doubt that there must be someone here with solid knowledge in shell scripting
reply
I don't know the expertise of all stackers. There is no ~shellScript territory ;)
reply
you need to "fish" those humble plebs, by asking. 👀
reply
reply
I tend to avoid wild animals 😂
evet, this is the way!
now you've unlocked one of the secrets in SN!
😂😂😂
reply