I hate this model, but if you trust the website, piping to shell is exactly as safe as downloading and executing an installer. (Yeah yeah, https, function executed on last line, etc)
I don’t want to trust a website, which is susceptible to typos and lookalikes (see e.g. putty.org) and relies on countless other services that can inject malware.
Code signing was created for this reason: ensure that the program is authentic and unaltered. Package managers do this perfectly.
100%. I’m just saying that on Windows and Mac, the inferior “download an installer” model is still prevalent, and that |sh is as safe as that.