Right. But you know how to fetch and inspect (yea?) so, I with you that piping r... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		edoceo 59 days ago \| parent \| context \| favorite \| on: Less is safer: Reducing the risk of supply chain a... Right. But you know how to fetch and inspect (yea?) so, I with you that piping random crap to sh is bad. Maybe these snips encourage that behavior. Tauri is trustable (for some loose definition) and the pipe to shell is just a well known happy-path. All that to say it's a low value smell test. Also, I'm in the camp that would rather git clone and then docker up. My understanding is it gives me a littl more sandbox.

skydhash 59 days ago [–]

I think I would prefer to see official supports for major package managers, even with unofficial repos (Debian, Macports,...). We went from a time where software were usually tarballed to one where devs are encouraging piping to shell.

CuriouslyC 59 days ago | [–]

https://snapcraft.io/obsidian

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact