The Debian Bookworm fix was only rolled out last night. Bookworm was not directly affected though, so maybe that’s why it took a bit more time

The point | | | Your head

The real answer is that user-agents can be used to show you one version in your browser and then serve you another one with curl.

I say “real” because all the idiots talking about “don’t run scripts from the internet!!!” probably forget they don’t decompile every binary they run. E.g. the rustup installer (the tool for managing Rust toolchains) is by default a curl+bash one liner. Why would I worry about them serving me a wrong script when I’m any way about to run their binary blob?

If you have any doubt about the hosting service (which might or not be the same as the software author!) then avoid piping into bash, but then why would you run their code at all if you distrust them so much? Do you expect github to install a keylogger? Probably not. Some telemetry hook to know whose running the requested script? Possibly someday

Every time I see people boasting about their uptime, I ask myself how old their kernel actually is.

I’ve set this auto reboot and never had to worry about patching my server.

Edit: yeah I know live patching is a thing, not worth the hassle for 99% of server workloads.

I tried to setup Forgejo CI but was turned off by the need to have nodejs installed to do anything, even cloning the repository. Does everyone just maintain their own images?

Gitlab CI by comparison will let me you any image (e.g. basic rustc imagé) and do the orchestration by itself. So much nicer to use imo