Open nodakai opened 7 months ago
This looks fishy. Please, download scripts only from Microsoft domains. We now support GPG detached signing so you can check integrity of the file before you execute it.
Where did you find that link?
The only valid alias for that file is https://dot.net/v1/dotnet-install.sh. Now that we only have one version, we could even just shorten the alias.
I attempted to revisit the official reference documentation for the script I had read before. I typed dotnet-install.sh
into Firefox's address bar, expecting it to either bring up the relevant page from my browsing history or default to a Google search if the phrase wasn't found. Firefox recognized it as a domain name and, to my surprise, displayed a script
The same thing happened to me, I was trying to search for information about dotnet-install.sh, and in my case, Chrome recognized it as a file and downloaded it. It is easy to fall in to this trap, I was trying to search for information and downloaded an unknown .sh file from the internet.
Gotcha. Thanks for the additional context! Was just trying to understand if there were any sites promoting this other domain.
Do we have any updates on this ticket?
It seems to download a version of the script that appears to be outdated compared to the official one. Is this possibly a preparation for a bait-and-switch tactic, or could it just be a well-intentioned effort to provide a convenient shortcut for the community?
https://dotnet-install.sh
https://who.is/whois/dotnet-install.sh