@jookia It doesn’t cache the script but there is of course the possibility that the site could serve one thing to Should I pipe it? and something else to everyone else. Will have a think about that.
The only way to fully mitigate any attack would be to have Should I pipe it? included in the pipe itself but I’m hesitant to include a centralised single point of failure into install scripts. It would make that site the focus of attacks. This is meant as guidance / better than nothing / awareness.
@aral Having people just check hashes would be a start.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!