seriously though after having used a package manager windows just scares me
at least with piping a bash script you can look at what it's doing first, there's not really anything you can do to make sure InstallFreeGame.exe isn't doing anything bad
good thing everyone either uses chocolatey/scoop or the windows store, right
@lynnesbian same x.x
@lynnesbian forget PCMR, it's time for PMMR (Package Manager Master Race)
@lynnesbian is it a wholly custom installer?
@a_breakin_glass hmm? :o
@lynnesbian like, you can extract nullsoft installers with 7zip apparently
@a_breakin_glass ahh ok
that's still an extra step though
@axiom this is very cursed
@lynnesbian we have you cover for very low ruble
@lynnesbian "curl | sudo bash" is a bad idea even if you inspected the script before because it is possible for a web server to detect this and only send you malicious code in that case, serving harmless code otherwise if you download the file to inspect it before running it: https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/
Of course that doesn't make running obfuscated binary executables without any signatures from random web servers any more reasonable either.
@silentium that is a very interesting attack vector
i would still assume that there's pretty much nobody using this, whereas windows installers that turn out to be viruses are more common than that
@lynnesbian You are probably right, but it is still a bad idea for project websites to propagate this as their primary way of installing their software. It leads to people getting used to this behaviour and be careless with other "curl | bash" instructions in the future as well.
@silentium yeah i agree, curl | bash is a pretty bad idea
@email@example.com's anti-chud pro-skub instance for funtimes