What exactly are you arguing?

The Parent poster is arguing that the "recommended" way documented on the Rust website to install rustup is using curl bash, and you're saying "it's possible to do things manually".

How is that helpful to the vast majority of the people on Mac/Linux trying to install Rust from scratch and reading the instructions on the website?

> What exactly are you arguing?

This part:

> ... to install the rust development toolchain (because it changes too rapidly to effectively be in any repos)

Rust toolchain is installed using rustup, not curl bash. It's rustup that's installed using curl bash. And while the site does recommend it, installing rustup alone securely is far easier than the entire toolchain.

> How is that helpful to the vast majority of the people on Mac/Linux trying to install Rust from scratch and reading the instructions on the website?

If you're concerned about running a remote script, just check how much work the script actually does. If it's not much, it may be worth exploring the alternative ways for it. For example, the rustup package in Arch Linux [1] does the same thing as what you get from curl bash.

I have mise installed - another package which recommends installation using curl bash. But I don't use it, because it's really easy to install it manually. And when some other tool recommends curl bash, I check if it's supported by mise. As it turns out, rustup can be installed using mise [2].

[1] https://wiki.archlinux.org/title/Rust#Arch_Linux_package

[2] https://mise.jdx.dev/lang/rust.html

same parent had said "It's crazy that a language that prioritizes security so highly in it's design itself is only compiled through such insecure methods."