Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
x/tools/cmd/getgo: is a two-liner #21277
The tool is intended to be a one-liner :
but it ends with this advice :
This looks to me like a real caveat for a tool whose purpose is do all the work in a single step (single action from user).
A possible solution (which may have other problems on its own that I'm not seeing right now) would be instead to download and source a script that does all of this :
The contents of
It makes me nervous too, but I can't find any objective reason to argue that sourcing a script would be more (or less) dangerous/suspicious than executing a binary. Both have the same power to be harmful and we rely on developers trusting the get.golang.org good intentions.
@spf13 Yes, executing binary that generates script + source script + removed 2 files, should work.