Promotion of unsafe sysadmin practice #353
Comments
Even though I agree that this is an unsafe way to install anything over the internet, this practice is widespread. Many tools recommend installing them the same way - download a shell file and run it. The first that comes to mind is There's no way, other than a package manager, to get the same level of convenience in a safe way. I ran into the same conundrum when I wanted to host my dotfiles. I ended up creating a symlink farm repository. The README itself is the SSOT of what needs to be done to use the symlink farm configs. For me, it was a fair trade-off between convenience and being intentional about the commands that need to be run. It's definitely not a drop-in replacement to a one-liner install, and requires more human effort, but not too much - up to 10 or 15 mins. Instead of replacing the whole approach, we could search for improvements that make this safer without sacrificing the convenience. Two ideas come to mind:
In another small project of mine, I switched to a 2-step approach (download with curl first, execute second). I do think it's a little bit better to give someone the opportunity to inspect a script before they execute. Could also consider a checksum. But really, if anyone cares enough to look at checksums they probably need to move to a formal distribution system anyway, which solves a lot more than just checksums. Anything being installed on servers probably should not be using curl from github in the first place, and software projects destined for servers will generally add multiple distribution channels as they mature. curl+github is usually for hackers and dev work; more formal distribution systems are for production use behind the corp firewall.
Yes this practice is widespread; no that's not an excuse to keep recommending it, especially when the target audience includes many junior sysadmins. Ideally the user should perform three steps:
Users who are not confident to inspect a shell script could instead be offered the option of visually confirming its checksum, preferably using something visual like the ssh host key fingerprinting method. I agree that having two levels of
The website gives heavy prominence to this one-line installation procedure:
Following that instruction would be a disciplinary (possibly fireable) offence for a professional sysadmin.
Since Omakub targets web developers, that last point is unconscionable.
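The download, inspect, checksum, then execute flow proposed in the comments above, as an added example that is not part of the thread or the project's own installer. The function names, `INSTALL_URL` and `PUBLISHED_SHA256` are placeholders; the expected hash has to be obtained from a channel other than the download itself.

```shell
#!/bin/sh
# Added example: save the installer to disk, verify it, then run it,
# instead of piping curl straight into a shell.

# sha256_of FILE: print the hex SHA-256 of FILE with whichever tool is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# fetch_script URL DEST: HTTPS only, fail on HTTP errors, write to DEST.
fetch_script() {
    curl --fail --silent --show-error --location --proto '=https' \
         --output "$2" "$1"
}

# verify_script FILE EXPECTED: succeed only if FILE hashes to EXPECTED.
# Returns 2 if no hash could be computed (e.g. missing file), 1 on mismatch.
verify_script() {
    actual=$(sha256_of "$1")
    [ -n "$actual" ] || { echo "cannot hash $1" >&2; return 2; }
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $1" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
}

# run_verified FILE EXPECTED [ARGS...]: execute FILE only after it verifies.
run_verified() {
    file=$1
    pinned=$2
    shift 2
    verify_script "$file" "$pinned" || return 1
    sh "$file" "$@"
}

# Intended use (placeholders, not real values):
#   fetch_script "$INSTALL_URL" install.sh
#   less install.sh                          # read it before running it
#   run_verified install.sh "$PUBLISHED_SHA256"
```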