Complaints against curl <https-url> | sh in favor of downloading a pkg are the equivalent of requiring shoes off at TSA. Security theater.
@dmitry_vk if you're talking about Ubuntu, compare `| sh` to the jankiest PPAs and also consider that PPAs only work on Ubuntu.
-
-
@wycats yes, that's a problem with PPA; .deb & .rpm are more portable. Here's what I fear in someone's sh scripts: https://github.com/valvesoftware/steam-for-linux/issues/3671 … -
@dmitry_vk the problem is fiefdoms. In principle a generic "source package" format should be possible but everyone needs their bureaucracy -
@dmitry_vk I don't mean "one true package", just an IR format. -
@dmitry_vk in an ideal world, making a .source-pkg would be as easy as `|sh` and source-pkg -> deb etc tooling would be in place. -
@dmitry_vk one of the major issues is an insistence by bureaucrats on maximum sharing even if it adds complexity. Not worth it for rust. -
@dmitry_vk we're not gonna waste time arguing about whether we should in principle be able to share LLVM or other not-totally-stable deps
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.