Open nodakai opened 7 months ago
MichalPavlik
commented
7 months ago This looks fishy. Please, download scripts only from Microsoft domains. We now support GPG detached signing so you can check integrity of the file before you execute it.
mairaw
commented
7 months ago Where did you find that link?
The only valid alias for that file is https://dot.net/v1/dotnet-install.sh. Now that we only have one version, we could even just shorten the alias.
nodakai
commented
7 months ago I attempted to revisit the official reference documentation for the script I had read before. I typed dotnet-install.sh into Firefox's address bar, expecting it to either bring up the relevant page from my browsing history or default to a Google search if the phrase wasn't found. Firefox recognized it as a domain name and, to my surprise, displayed a script
kubilayeldemir
commented
7 months ago The same thing happened to me, I was trying to search for information about dotnet-install.sh, and in my case, Chrome recognized it as a file and downloaded it. It is easy to fall in to this trap, I was trying to search for information and downloaded an unknown .sh file from the internet.
mairaw
commented
7 months ago Gotcha. Thanks for the additional context! Was just trying to understand if there were any sites promoting this other domain.
YuliiaKovalova
commented
3 months ago Do we have any updates on this ticket?
It seems to download a version of the script that appears to be outdated compared to the official one. Is this possibly a preparation for a bait-and-switch tactic, or could it just be a well-intentioned effort to provide a convenient shortcut for the community?
https://dotnet-install.sh
https://who.is/whois/dotnet-install.sh