Well, you have simplified it too much. It seems to be basically equivalent to curl http://… | sudo bash. (AFAIK, there is no authentication when using git:// URL.) The signature verification mentioned on the page is there for a reason – you should not run the code without knowing it has not been altered.
It would be even better to use either https;// URL or SSH URL, as they authenticate the transport. This can somehow mitigate attacker providing you an old version with known vulnerabilities. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aac7603f-3e59-41ce-a168-83aa354a42e1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
