Event JSON
{
"id": "cfacb2c418774d084ed8a0f8b8d609e8bbf6ad5182f782b3869daa6133b99c0d",
"pubkey": "ef0bd1dff2fd2cbce6d4e8b8098d4172d785d31c03c23c069dded3bd5aca8fe8",
"created_at": 1716464568,
"kind": 1,
"tags": [
[
"p",
"058a6d106c5e6719008ce4db3f64c846caf49925227a39533d12a846fbab21ee"
],
[
"p",
"49cbac3f013b662a7daf50b26ea9ce6c68379a8e65133c74eb63835d87d7f2de"
],
[
"e",
"7a78a94f859616f9279635b640538af9b74813b72b6969d583206cad5a10a494",
"",
"root"
],
[
"proxy",
"https://infosec.exchange/@swapgs/112490221934976103",
"web"
],
[
"e",
"5afe931541609f8e9c018cd4fb13ba4b09bf398cd9f27b38aeb7c4e918305987",
"",
"reply"
],
[
"proxy",
"https://infosec.exchange/users/swapgs/statuses/112490221934976103",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/swapgs/statuses/112490221934976103",
"pink.momostr"
]
],
"content": "I don’t see this as a counter-argument against curl|bash—if you’re pulling a malicious project or from a compromised backend, it’s already game over anyway? It’s no different from pulling a random software dependency from whatever registry your ecosystem offers.",
"sig": "3312bb887f1c373a2414c4168c2f2ff1ac87d9ec00c962efdc53506db35b16a5796161e8cb18260a58890b1f29b23d1c1baa58492ce5607a9c4278f1ff44d01f"
}
