Download Speedtest_cli.py
Keiko Bludworth
One of the things I always hate about this command, while useful, is that the user is reliant on the speedtest_cli.py script to not have been compromised or otherwise modified. It is somewhat risky to blindly download a python script from the internet and then pipe it through python without inspecting it (or any script for that matter, be it python, bash, whatever). If, for instance, I had compromised the github repo where it is stored and added rm -Rf, and the user was silly enough to be running as root on the UTM, what then? For the user, hopefully nothing TOO bad if they had backups. But, since this is being recommended by Sophos, they may have some liability in this. Perhaps Sophos should develop their own script to duplicate this effort and host it themselves on the up2date server and monitor the script for unauthorized changes, etc.? Just a thought.