WARNING! Do not ever run "curl | sh" from the internet

I have seen more and more videos and tutorials online adviciing to run “curl | sh” directly from the internet.
DO NOT EVER DO THIS!

An example of a decently big channel, even I thought would never do something like that.

Not here to discuss or throw shade at anybody, I do this to remind people NEVER TO DO THAT, EVER!

1 Like

Well, “never” is a strong term. You should actually trust your source, like everything else you install out of your distro’s repos. And the statement “You should actually trust your source” is true regardless the OS, it’s not applicable only to linux.

2 Likes

I’d never trust something like this, even if it’s in the middle of some guide for something I must get ready ASAP.

I download to a temporary file, and then open to do a quick overview. Also always lookup for a digital signature (cryptographic or at least a sanity hash/cheksum).

Better safe than sorry. You don’t want to read tomorrow about a hack to something you’ve done yesterday.

IMO this is not something common (that everyone is doing/was doing in his every-day “computer” life) to justify a general warning in CAPS x3. And where exactly is that section in the video, yet alone what is the point of extracting something from a random video and presenting it as DOOMSDAY, like we are talking about the very dangerous xz situation, is that an advertising attempt of another youtube nerd/“influencer”/tech-hipster?

I have to agree @netizen.

I trust but I always verify.
Checking to make sure the signatures (md5sums, SHA and the like) match is a plus.

Prior preparation is a good practice.