From 5fa816454394f5c5d4817057860a1b8ba24515d4 Mon Sep 17 00:00:00 2001 From: sneak Date: Sun, 9 Jun 2024 09:07:26 -0700 Subject: [PATCH] update readme --- README.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d07f5bc..685035c 100644 --- a/README.md +++ b/README.md @@ -25,14 +25,20 @@ which is not what you want. Run: ``` -GOPROXY=direct sudo go run sneak.berlin/go/mullvadclosest/cmd/mullvadclosest@latest +GOPROXY=direct go run git.eeqj.de/sneak/mullvadclosest/cmd/mullvadclosest@4dd5e871f830ff62bb30c2290623ad9d8c4d4554 ``` -(The GOPROXY=direct means to download the code directly from my servers, not +The GOPROXY=direct means to download the code directly from my servers, not the Google-operated golang module proxy. Given that you're running this program as root from a random place on the internet, downloading it directly from me avoids the case where Google can serve you arbitrary code that runs -on your machine.) +on your machine. + +The full git commit hash is provided to ensure that you're running the +specific version of the code that I've tested and that you're expecting to +run. Don't do "git run @latest" because it's just granting random +people code exec on your machine. (Same goes for docker images that use +*any* tag that uses `:` instead of a specific hash identified by `@`.) # Example output