shadowgovt 2 days ago

This is probably the key idea in this specific context: the tool you're downloading is a compiler. If you don't trust the bash script hosted by the compiler's creators (assuming you're properly certificate-checking the curl connection and not bypassing TLS), why would you trust the compiler binary it's trying to install?

superkuh 2 days ago | parent [-]

I trust Debian to vet and package things in a way that won't break my desktop. I don't trust the Rust organization because their goals are very different.

mustache_kimono 2 days ago | parent | next [-]

> I trust Debian to vet and package things in a way that won't break my desktop.

Um, has there been some instance where rustup broke a desktop? And I'm assuming Debian has actually delivered on this worst case scenario?

shadowgovt 2 days ago | parent [-]

Debian's done a pretty good job here. If you run unstable you'll get up to Rust 1.85 (whereas the project home will get you 1.88).

Of course, it's Debian; stable is alllll the way back on 1.63, state of the art in 2022.

mustache_kimono 2 days ago | parent [-]

> Debian's done a pretty good job here.

I meant I bet Debian has broken desktops with a simple `apt update`. Whereas show me where rustup has broken a desktop?

shadowgovt 2 days ago | parent | prev [-]

I'm not sure how that's relevant for rust. I'm trying to think of a way they could distribute the rust toolchain that would break your desktop; does your desktop have a native rust install that other pieces of the distro are relying on to have a particular configuration (like the gcc most distros ship with) that a curl | bash installed toolchain would interfere with?