(#zm5qtpq) @mckinley I think we (as in “the free software community”) have largely given up on that. `curl foo | sh` is basically equivalent to running precompiled binaries or the huge dependency mess that we have these days (simple programs pulling in 47289 libraries). We run completely untrusted code all the time and nobody cares anymore. The idea of eliminating distributions (which at least provide *some* layer of quality control) pops up again and again. A `curl foo | sh` is probably the *least* harmful thing these days, because it’s the easiest issue to fix. (Meh: Rust’s `curl https://sh.rustup.rs | sh` downloads a 15 MB binary that does god-knows-what.) Or am I missing the point? 🤔

(#zm5qtpq) FWOW I don't think I've ever once run such a shell pipeline in my life. who da fuq knows wtf that thing is even doing 🤣

(#zm5qtpq) @mckinley Yep, so wrong on so many levels. @movq I just don't want to run such crapware. Browser, mail client and video player aside, I think I don't do too bad on that regard with my private stuff. Yeah, definitely ignoring the situation at the dayjob. @prologic Only for Rust. Otherwise I stay away from that for sure.

(#zm5qtpq) @movq It's possible for a Web server to detect whether or not you're piping the output into a shell and change its output based on that, which makes `curl | sh` so much worse in my opinion.

(#zm5qtpq) @mckinley That certainly doesn’t help, yeah. 🥴 (In the case of the Rust installer, I still wonder why they go through the trouble of having a shell script (POSIX, portable, even runs on Windows apparently), when all it does is download a binary and run that. Is that super useful to people, yeah? I’m sure there’s some reason, I just don’t see it.)

(#zm5qtpq) @movq Maybe it's just a cargo cult thing (pun intended) because it's somehow an accepted way to install a piece of software.