| ▲ | codazoda 6 hours ago | |
> Thank god for tauri I’d love to try it, but speaking of security, this was the first thing I saw: sh <(curl https://create.tauri.app/sh) | ||
| ▲ | edoceo 3 hours ago | parent [-] | |
Right. But you know how to fetch and inspect (yea?) so, I with you that piping random crap to sh is bad. Maybe these snips encourage that behavior. Tauri is trustable (for some loose definition) and the pipe to shell is just a well known happy-path. All that to say it's a low value smell test. Also, I'm in the camp that would rather git clone and then docker up. My understanding is it gives me a littl more sandbox. | ||