| ▲ | lgtx 4 hours ago | |||||||||||||||||||||||||||||||
The installation instructions being a `curl | sh` writing to the user's bashrc does not inspire confidence. | ||||||||||||||||||||||||||||||||
| ▲ | ori_b 4 hours ago | parent | next [-] | |||||||||||||||||||||||||||||||
They did say it was inspired by cargo, which is often installed using rustup as such: | ||||||||||||||||||||||||||||||||
| ▲ | bikelang 4 hours ago | parent | prev | next [-] | |||||||||||||||||||||||||||||||
I don’t love this approach either (what a security nightmare…) - but it is easy to do for users and developers alike. Having to juggle a bunch of apt-like repositories for different distros is a huge time sink and adds a bunch of build complexity. Brew is annoying with its formulae vs tap vs cask vs cellar - and the associated ruby scripting… And then there’s windows - ugh. I wish there was a dead simple installer TUI that had a common API specification so that you could host your installer spec on your.domain.com/install.json - point this TUI at it and it would understand the fine grained permissions required, handle required binary signature validation, manifest/sbom validation, give the user freedom to customize where/how things were installed, etc. | ||||||||||||||||||||||||||||||||
| ▲ | maccard 3 hours ago | parent | prev | next [-] | |||||||||||||||||||||||||||||||
Given you're about to run a binary, it's no worse than that. | ||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||
| ▲ | uecker 4 hours ago | parent | prev | next [-] | |||||||||||||||||||||||||||||||
This is fitting for something simulating cargo, which is a huge supply chain risk itself. | ||||||||||||||||||||||||||||||||
| ▲ | jjgreen 4 hours ago | parent | prev [-] | |||||||||||||||||||||||||||||||
[flagged] | ||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||