You can also ask questions or provide any information that might be helpful to the people taking this course.
Matthias Hogerheijde 50 points
7 years ago
Right,.. the "right way",.. and it is telling us to execute arbitrary code over the network by running "curl -s https://getcomposer.org/installer | php"... that's wrong on so many levels.
@matthias-hogerheijde You can always download the code and see what you are installing. Isn't that the same with almost everything else?
Matthias Hogerheijde 50 Points
@gaurav-gupta It is not the same, because you need a level/web of trust. The act of trusting https://getcomposer.org/installer is not wrong in and of itself, teaching people to blindly copy-paste a command that does remote-code execution is the point that I'm fussing about. We should teach everyone to *first* find out what the level of trust is they put in something. Either by looking at the code and understanding it; or by making sure others (that you trust) have. So the least you should do is explain _why_ you trust the content of https://getcomposer.org/installer _before_ you tell others to blindly run that code. Then, I can figure out if your trust in them means anything to me. If so, I'll follow your advice. If not: I need to double-check.
Again: it's not about the actual command; it's about telling people that this is normal. It shouldn't be.
Right,.. the "right way",.. and it is telling us to execute arbitrary code over the network by running "curl -s https://getcomposer.org/installer | php"... that's wrong on so many levels.
Please tell us what's wrong with the comment. Thanks.
basic php code
Please tell us what's wrong with the comment. Thanks.
How up to date is this?
Please tell us what's wrong with the comment. Thanks.