alt Hacker NewsOne of the things which really annoys me is the idea that it's every acceptable to blindly "curl -fsSL" bullshit .sh scripts.
Even large companies have adopted this crap and you don't know whether there's any digital signing going on or whether they're downright stealing anything you have of value.
It's not difficult to generate a rpm, deb, tgz and relevant detatched .asc PGP signature or if you hate PGP use openssh signatures or something.
Agreed. I was using mise to install Claude (via it's npm package) and keep it updated, and then they nagged me to switch to the 'curl | bash' method. Now I get to keep it updated manually, plus they helped train all my peers to continue just executing random scripts right off the Internet