I am, and I actively recommend it to anyone sufficiently well educated that they could (and would) go through the contents of the script manually and verify its contents. I don't do anything additional that could be automated in a general fashion, but my own scripts (partly based on Tron) include custom things specific to my setup - adjusting router/firewall settings, interacting with my automated backups, etc.
We're totally OK with you using the script. :) Most people, especially those just looking for a way to be secure without knowing anything about the command line, was whom this tool was built for. Glad you liked it!
Sure - I'll be happy to show you the scores of scripts I have written to do every tasks like switch pipewire audio sinks, wrapper to youtube-dl, generate/copy rsa token, convert/combine images to pdf etc that were written in the sliver of time afforded to me after I'm done family and kids. Those scripts in no way represent the code I get paid to write in my job but if you find that to be an an issue, then you have found the flaw in your method.
eh it's fine. sure, technically speaking you're giving your machine over to whoever wrote that script. they could do anything! but actually, the script is usually useful and safe. Like this one.
Yes I do. For example, I have a little script to install Drupal modules, which is nothing more than downloading the tarball from the Drupal website, and untarring it in the proper directory.
Likewise, I've got scripts to extract strings to translate (with gettext()) using xgettext from various project directories, and merging it with older, already existing translations; and for installing edited translations afterwards (with msgfmt).
I also have a script to upload files that were changed locally to a remote server.
No, it didn't take me 2 weeks to code them.
Most of the time I just do the task once, and store the commands in a file. Next I edit that file replacing values with script arguments. Tada! Instant script. For lists of values that depend on the project, I create presets (one argument determines what set of values to use).
Not necessarily. If the script is documented and written cleanly (e.g Fabric3 which has very little magic, and reads almost like Bash), then in can server as "runnable documentation". In this case automation could be really good for continuity and busfactor.
But yeah... got to put some effort into it. Like all docs, script-docs worn't write themselves.
Well, you're going to run the thing the script downloaded with exactly the same user and privileges as the script you're running.
Unless you're doing a full audit on all the code and not only a cursory look on the installation script, this looks to me more like security theatre.
reply