Im sorry, but what integrity are we talking oft?

Oh, yes it can. The license only changes what other people than the owner may do. It’s the rights and conditions they give you.

For most projects that doesn’t matter because there are several owners of the code base. Every single person who contributed can enforce these rights on their part. However, to contribute to Zed you have to sign a cla. Signing away all rights and ownership of your contribution. So they have all the rights and can do whatever they want.

They could close source everything tomorrow without any consequence and sell you a feature you made yourself.

Its timing based. When piped a script, bash executes each line completly before taking the next line from the input. Curl has a limited output buffer.

1. Operation that takes a long time. Like a sleep, or if you want it less obvious. A download, an unzip operation, apt update, etc.
2. Fill the buffer with more bash commands.
3. Measure on the server if at some point curl stops downloading the script.
4. Serve a malicious payload.

They can even serve a different file for curl vs curl|bash

Has the same vibes as anthropic creating a C compiler which passes 99% of compiler tests.

That last percent is really important. At least that last percent are some really specific edge cases right?

Description:
When compiling the following code with CCC using -std=c23:

bool is_even(int number) {
   return number % 2 == 0;
}

the compiler fails to compile due to bool, true, and false being unrecognized. The same code compiles correctly with GCC and Clang in C23 mode.

Source

Well fuck.