Please provide more secure options for installation
Friptick opened this issue · comments
First off, this software looks great and its authors are almost certainly trustworthy.
But really, you are asking users to run a binary on the basis of no audit or oversight except this Github account? How is this different from the proverbial 90s clickhere.exe
? As a user why should I trust you?
The source code is available, yes. But installation still requires a compiled blackbox binary file. Personally there is no way I run that unless it is vouched for by the OS (Windows, Ubuntu, whatever). I believe that is the accepted best practice these days.
For Linux is there any prospect of a shell script version, so that at least we can see what it is doing in plaintext?
I would love to user ShadowFox but as of now I cannot justify it. A pity. Thanks for considering.
Technically, the installer was extracted into a separate repo.
https://github.com/SrKomodo/shadowfox-updater/releases
So this is likely more of an issue for that repository.
@DrWhoCares Thanks. Closing.