overtone / emacs-live

M-x start-hacking
http://overtone.github.com/emacs-live/

Using -k with curl is insecure #234

Open Sophira opened 8 years ago

Sophira commented 8 years ago

The README.md file suggests:

If you're the kind of shoot-from-the-hip brogrammer that doesn't mind executing random scripts from the interwebs, then the easiest way to install Emacs Live is to run the following which will safely preserve any Emacs configs you already have:

bash <(curl -fksSL https://raw.github.com/overtone/emacs-live/master/installer/install-emacs-live.sh)

I understand why you might want to use curl and bash together, even though I don't agree with it. The part that I take issue with, however, is the use of the -k switch, which turns off certificate validation, so that even a certificate error will still cause it to succeed. This change was made in https://github.com/overtone/emacs-live/commit/c4ca54597858d9b2c7a5a29b01d626cef86b40ae, but I can't see a justification for it.

May I ask why this change was made? It negates one of the biggest points of using SSL in the first place and makes a MITM attack ridiculously easy. If someone has outdated certificates then they should be updating those first.
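The pattern the comment argues for, as an added example that is not part of the issue or the emacs-live project: fetch the installer with certificate validation left on (no `-k`), save it to disk, and compare its SHA-256 against a known digest before running it. The `EXPECTED_SHA256` value is a placeholder; the project publishes no checksum, so a real deployment would record the digest of a reviewed copy.

```shell
#!/usr/bin/env bash
# Safer replacement for `bash <(curl -fksSL URL)`: TLS is verified, the
# script is written to a file, and its digest is checked before execution.
set -eu

INSTALLER_URL="https://raw.github.com/overtone/emacs-live/master/installer/install-emacs-live.sh"
# Placeholder (assumption): digest of a script copy that was reviewed by hand.
EXPECTED_SHA256="<sha256-of-reviewed-installer>"

# Download with certificate validation enforced. `--proto '=https'` refuses
# redirects to plain http, `-f` fails on HTTP errors, and there is no `-k`.
fetch_installer() {
  local url="$1" out="$2"
  curl --proto '=https' --tlsv1.2 -fsSL -o "$out" "$url"
}

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Return 0 when the file's digest matches the expected one, 1 otherwise.
verify_sha256() {
  local file="$1" expected="$2" actual
  actual="$(sha256_of "$file")"
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Fetch, verify, then (and only then) execute the installer.
install_from_url() {
  local tmp
  tmp="$(mktemp)"
  trap 'rm -f "$tmp"' EXIT
  fetch_installer "$INSTALLER_URL" "$tmp"
  if ! verify_sha256 "$tmp" "$EXPECTED_SHA256"; then
    echo "installer digest mismatch; refusing to run it" >&2
    return 1
  fi
  bash "$tmp"
}
```

Nothing runs on load; call `install_from_url` after filling in `EXPECTED_SHA256`, and a certificate error or digest mismatch aborts before any script executes.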