by rubbsdecvik 3914 days ago
What I got from this article: "`curl|bash` can be secure if you add signing, file integrity checking, and trust the source." The whole time I kept thinking, these are assurances you can get from traditional mature package management.

And also from extra steps between curl and bash, which is the whole point in the first place. If you are going right through a pipe and letting the script verify itself, then what's the point?

Are you the guy I'm looking for? YES! --> Seems trustworthy.

No, the bash script doesn't verify itself. The only real verification step is using https (and writing the script so that it's not vulnerable to truncation attacks).
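
An added illustration of the truncation point raised in the last comment (not part of the thread and not any commenter's code): it feeds every possible prefix of a constructed installer to `sh` and counts the cut points that delete an unrelated directory, first for a plain script and then for the same body wrapped in a function that is only called on the last line. The installer bodies, the `$WORK` variable and the `app`/`app-old` paths are assumptions made up for the demonstration.

```shell
#!/bin/sh
# Constructed installer bodies; $WORK/app-old is a hypothetical path and is left
# unquoted on purpose so that a cut in the middle of it still parses.
NAIVE='echo installing
rm -rf $WORK/app-old
echo done'

# Same body, but nothing executes until the final "main" line has arrived.
GUARDED="main() {
$NAIVE
}
main"

# run_prefix TEXT N: run only the first N bytes of TEXT (what sh sees if the
# download drops there) in a scratch directory. Returns 0 if the unrelated
# directory "app" survived, 1 if the cut-off script deleted it.
run_prefix() {
    WORK=$(mktemp -d) || return 2
    mkdir "$WORK/app" "$WORK/app-old"
    printf '%s' "$1" | head -c "$2" | WORK="$WORK" sh >/dev/null 2>&1 || true
    kept=0
    [ -d "$WORK/app" ] || kept=1
    rm -rf "$WORK"
    return "$kept"
}

# unsafe_cuts TEXT: try every cut point and print how many of them destroyed "app".
unsafe_cuts() {
    len=${#1}; n=1; bad=0
    while [ "$n" -le "$len" ]; do
        run_prefix "$1" "$n" || bad=$((bad + 1))
        n=$((n + 1))
    done
    echo "$bad"
}

echo "naive:   $(unsafe_cuts "$NAIVE") damaging cut point(s)"
echo "guarded: $(unsafe_cuts "$GUARDED") damaging cut point(s)"
```

The wrapper only guarantees all-or-nothing execution; it says nothing about whether the complete script is the one the publisher intended, which is what the HTTPS and signing discussion above is about.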