| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Fixes two issues:
- curl was given -k aka --insecure, which causes it to ignore SSL certificate
errors. This makes SSL nearly useless against active tampering.
- curl was given a URL with no protocol, causing it to default to unencrypted
HTTP. An active attacker can filter out GitHub's HTTPS redirect or modify
the response in arbitrary other ways.
Either of these issues makes it quite easy for an active attacker, anywhere on
the network between GitHub and the person installing Homebrew, to insert
malicious code. Since this code goes straight into the ruby interpreter, this
is a one-step compromise of the user's machine.
Since the command got longer, shrink the font so that it still fits in the page
column (at maximum width) without scrolling.
On 10.5 the curl command can fail due to missing SSL certs. Add a note to look
at the alternate install instructions on the wiki, which now mention curl
--insecure .
Signed-off-by: Jack Nagel <jacknagel@gmail.com>
|
|
Shorter install line, but this redirect works 100% now. So cool.
|
|
We will remove them from the installation wiki because it is a security risk. This is somewhat inconvenient, but should be okay, and much safer.
|
|
Signed-off-by: Jack Nagel <jacknagel@gmail.com>
|
|
Signed-off-by: Jack Nagel <jacknagel@gmail.com>
|
|
So now no scrollbars and everything can be read at a glance.
|
|
|
|
|
