Free and Open Source Software

17678 readers

34 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

MODERATORS

[email protected]

Zed (vscode alternative) on Linux is out! (zed.dev)

submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]

37 comments fedilink hide all child comments

cross-posted from: https://jlai.lu/post/8476122

Zed on Linux is out!

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 39 points 1 month ago (4 children)

Might be neat. Might check it out. But devs really need to stop asking me to install things by curling a script and piping it into my shell. There are better ways to do this. Doing this leaves a massive possible attack surface.

[–] [email protected] 3 points 1 month ago (2 children)

No matter how they package it, running a binary downloaded from Internet has the same attack surface

[–] [email protected] 5 points 1 month ago (1 children)

You are right, except for one detail. Package managers almost always validate the packages using digital signatures, to avoid man-in-the-middle attacks. You don't need to trust the network anymore. Shell scripts piped to a shell don't have that protection. You still have to trust the developers and maintainers, though.

[–] [email protected] 2 points 1 month ago

Shell scripts have md5 signatures

load more comments (1 replies)