
You should publish the hash of the script, then the user should download it to disk, verify the script and then execute it. The same as would apply to any binary download - if a binary can be compromised so can a shell script.

Alternatively you can code review the script before executing it, which is a plus.




Hashes are useful when software is hosted on third-party mirrors or CDNs. If the software is hosted on the same server as the webpage about it, then anyone in a position to replace the download can and will replace the hash as well.


A better solution is to use signed software packages. Compromising a website is more common than compromising developer private keys.


How are you going to trust the public key?

HN doesn't seem to like Apple/Microsoft as trust brokers, and absent a trusted CA I don't see how this makes the problem any better.


You have to trust someone to build a trusted chain. Trusted CA roots from SSL are a good practical choice IMO. Maybe the NSA or the Chinese government could theoretically crack that setup, but for other adversaries it would be much harder.


They could spread the hash out to several places, e.g. tweet it every time it changes.
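
The download-verify-execute step suggested at the top of the thread, combined with the idea of publishing the hash in several places, as an added example that is not from any commenter: the script runs only if every independently obtained copy of the hash matches the file on disk. The function names, the stand-in installer and its hash are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: run a downloaded script only if it matches every copy of the
# published SHA-256. The installer and hash values below are constructed.

# Print the SHA-256 hex digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_script FILE HASH [HASH...]
# Each HASH is the digest as copied from a different channel (project page,
# mirror, announcement). Returns 0 if all match the file, 1 on any mismatch,
# 2 on a missing file or a malformed hash.
verify_script() {
    [ "$#" -ge 2 ] && [ -f "$1" ] || return 2
    local file="$1" actual expected
    shift
    actual=$(sha256_of "$file") || return 2
    for expected in "$@"; do
        expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
        case $expected in *[!0-9a-f]*) return 2 ;; esac
        [ "${#expected}" -eq 64 ] || return 2
        [ "$expected" = "$actual" ] || return 1
    done
    return 0
}

# run_if_verified FILE HASH [HASH...]: execute FILE only after it verifies.
run_if_verified() {
    verify_script "$@" || { echo "refusing to run $1: hash check failed" >&2; return 1; }
    sh "$1"
}

# Constructed demo: the digest of a stand-in installer plays the published hash.
demo=$(mktemp)
printf 'echo "installer ran"\n' > "$demo"
published=$(sha256_of "$demo")   # in practice: copied by hand from each channel
run_if_verified "$demo" "$published" "$published"
printf 'echo "tampered"\n' >> "$demo"   # simulate a replaced download
run_if_verified "$demo" "$published" "$published" || true
rm -f "$demo"
```

The check is only as strong as the independence of the channels the hashes were copied from; two copies taken from the same server count as one.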



