Am 10.04.2017 um 22:03 schrieb Eero Volotinen:
well. piping shell script to rootshell is not safe even with https ..
download and execute them manually don't make things better
nobody needs shell scripts to install release-rpms at all
2017-04-10 19:59 GMT+03:00 Dawid Bałut <[email protected]
<mailto:[email protected]>>:
Hello Community,
I noticed that on http://www.openvas.org/install-packages-v7.html
<http://www.openvas.org/install-packages-v7.html> we're encouraging
users to wget script from atomiccorp website using http.
As we know this is potential Man in the Middle attack vector, and we
shouldn't spread such bad practice - especially that atomiccorp
website and given resource are available thru https:// so I can't
see a reason to use http.
So my inquiry is - can you please change in the guide
wget -q -O - http://www.atomicorp.com/installers/atomic
<http://www.atomicorp.com/installers/atomic> |sh
to
wget -q -O - https://www.atomicorp.com/installers/atomic
<https://www.atomicorp.com/installers/atomic> |sh
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
