zlacker

>>pictur+(OP)
> Javascript plus a "curl | sudo sh" attitude to life equals "yeah no, I am never touching this thing".

I get why there are people that don’t like how some installers do this, but this trope is really turning into the “but I don’t even own a TV” of OSS commentary.

Just use the Docker image if you don’t like it. Or get their appliance which actually supports ongoing development.

>>karlsh+h3
Also, no one’s forcing you to pipe curl into sudo sh. I don’t think a software project listing this as an installation method is that big of a red flag to be honest.

>>bryanc+a4
Why is "sudo" emphasized so heavily, anyway? Running as your ordinary user, that shell script can send someone your session cookies, authenticate with your SSH agent, and really anything that you can do. Sure, maybe not running as root protects the integrity of the OS and prevents some persistent keylogging attacks, but honestly... you don't need a keylogger when you just grab the cookies, or install your own binaries farther up in the path (good old ~/.local/bin/firefox instead of /usr/bin/firefox).

Frankly, being anything other than super paranoid is almost a little reckless.

Also, shit-talking Home Assistant is a pretty weird take. I wouldn't write it in Python configured half in YAML and half in SQLite either, but ... not having to write it myself was the fun part.

>>jrockw+k8
Can a "regular" installer do all of that? Especially if it asks to escalate its privileges?

"Running a software installer" in general seems just as insecure as "sudo | curl" whatever.