• 4dpuzzle@beehaw.org
    link
    fedilink
    English
    arrow-up
    6
    ·
    4 months ago

    You are right, except for one detail. Package managers almost always validate the packages using digital signatures, to avoid man-in-the-middle attacks. You don’t need to trust the network anymore. Shell scripts piped to a shell don’t have that protection. You still have to trust the developers and maintainers, though.