I still have no comprehension of how curl piped into a shell command has become the default installation method for many projects (looking at you, Rust...). It breaks my brain as to how potentially unsafe it is.
Every package manager does the same thing: run a script.
Would you feel safer if they offered a .deb? Do you unpack and inspect every .deb you install?
It's all about lowest friction + domain-name trust.
Depending on third party packaging (distribution-validated install) is much higher friction.
Those that ask for trust deserve no trust.
It's because people are too obsessed with providing complete instructions to incorporate any package manager into their instructions.
What we are really missing is an explicit progression from new software to maintained packages across distributions. As it is, each distro expects each package to have a maintainer, and very few people actually want to do that across several distros just to release their software. Generally, the expectation is to instead just wait around for people to make and maintain those packages by virtue of their own interest in your software, but it takes a while, and discoverability isn't automatic.
Everyone’s eventually going to run a binary they downloaded from the same place. If you’ve already decided to do that, why is a curled install script worse?