In a practical sense, I'm not sure it's as bad as it looks. It is https. And if you weren't going to read the source code, it's not really different from downloading the program before executing it. In this case, its a small shell script, so it's easy to glance through the code to make sure it isn't doing anything sketchy. For large code bases, that isn't always feasible, so at some point you have to simply trust the source, whether you install from a tarball or (ugh) let a shell execute commands from a remote host.
Also, if you're the kind of sysadmin that fires up a VM or a container any time you want to experiment with a new piece of software, you can afford to take risks. At worst, they'll steal your public key.
It does seem like a bad habit. If you get used to sh+curl install legitimate projects, it isn't such a stretch to sh+curl miscellaneous suggestions on forums.
In a practical sense, I'm not sure it's as bad as it looks. It is https. And if you weren't going to read the source code, it's not really different from downloading the program before executing it. In this case, its a small shell script, so it's easy to glance through the code to make sure it isn't doing anything sketchy. For large code bases, that isn't always feasible, so at some point you have to simply trust the source, whether you install from a tarball or (ugh) let a shell execute commands from a remote host.
Also, if you're the kind of sysadmin that fires up a VM or a container any time you want to experiment with a new piece of software, you can afford to take risks. At worst, they'll steal your public key.
It does seem like a bad habit. If you get used to sh+curl install legitimate projects, it isn't such a stretch to sh+curl miscellaneous suggestions on forums.