Complaints against curl <https-url> | sh in favor of downloading a pkg are the equivalent of requiring shoes off at TSA. Security theater.
@dmitry_vk not OSX .pkg, and not PPAs, both of which are used when | sh makes sense.
-
-
@dmitry_vk or do you feel as strongly that you should not use PPAs as you do about| sh? -
@wycats I'm actually more comfortable with PPA/.deb/.ebuild not b/c of security; pkg mgr prevents a lot of bugs of custom installers -
@dmitry_vk it's pretty easy to mess up your PPA and I've experienced that. -
@dmitry_vk but now we're pretty far from the knee jerk "stupidest idea in the world, LOL what idiots" response I was reacting to. -
@wycats sure; "curl HTTP://..." deserves this reaction, not "curl HTTPS://..." -
@dmitry_vk fine with me. -
@dmitry_vk although doing it to a new user trying to learn a programming language isn't OK, but that was already litigated in the OP
End of conversation
New conversation -
-
-
@wycats sorry, not familiar with OS X's .pkg; I thought the discussion is about pkg managers in general. -
@dmitry_vk I don't think it's possible to say anything interesting about "package managers in general" unless you draw lines (brew not a PM) -
@dmitry_vk if you're talking about Ubuntu, compare `| sh` to the jankiest PPAs and also consider that PPAs only work on Ubuntu. -
@wycats yes, that's a problem with PPA; .deb & .rpm are more portable. Here's what I fear in someone's sh scripts: https://github.com/valvesoftware/steam-for-linux/issues/3671 … -
@dmitry_vk the problem is fiefdoms. In principle a generic "source package" format should be possible but everyone needs their bureaucracy -
@dmitry_vk I don't mean "one true package", just an IR format. -
@dmitry_vk in an ideal world, making a .source-pkg would be as easy as `|sh` and source-pkg -> deb etc tooling would be in place. -
@dmitry_vk one of the major issues is an insistence by bureaucrats on maximum sharing even if it adds complexity. Not worth it for rust. - 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.