Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Modified the curl|bash code to make it palatable to security-checking… #139311

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

TimAtGoogle
Copy link

Our security-checking software balks at the "curl | sudo bash" idiom.

After researching this a lot(!) online, the fix -- when people even acknowledge this needs fixing -- is to manually inspect the download file before allowing it to run each time you want to run the enclosing script.

The better answer, implemented here, is to download the file, check it for naughtiness, and then include it as part of the distribution (that is, add it to the repo). This doesn't magically get you updates, but it can be manually updated as necessary (I'm assuming the downloaded file rarely changes), which is probably the safest thing, anyway.

@pytorch-bot pytorch-bot bot added the topic: not user facing topic category label Oct 30, 2024
Copy link

pytorch-bot bot commented Oct 30, 2024

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/139311

Note: Links to docs will display an error until the docs builds have been completed.

✅ No Failures

As of commit 697a1f0 with merge base f14f245 (image):
💚 Looks good so far! There are no failures yet. 💚

This comment was automatically generated by Dr. CI and updates every 15 minutes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants