zlacker

[parent] [thread] 2 comments
1. Rapzid+(OP)[view] [source] 2023-09-27 00:10:51
Yeah, the industry has settled on it's fine with some caveats.

Even Microsoft has this published for the dotnet install tool:

  curl -sSL https://dot.net/v1/dotnet-install.sh | bash /dev/stdin <additional install-script args>
Microsoft.. The only company I have ever heard mention CRIME and BREACH and invokes their specter in .Net to do awesome things like.. Not let you enable websocket compression in SignalR.
replies(1): >>gregop+Va
2. gregop+Va[view] [source] 2023-09-27 01:19:19
>>Rapzid+(OP)
Of course Microsoft is fine with it - the official Windows way of installing things has forever been "Pssst, hey there, why don't you download this .exe and run it and keep pressing ok until it's done"
replies(1): >>Rapzid+Qm
◧◩
3. Rapzid+Qm[view] [source] [discussion] 2023-09-27 02:36:53
>>gregop+Va
How is this much different than how a deb or something gets installed? Actually, Windows installers are expected to be signed by default and it'll warn you if they aren't.
[go to top]