[zackp30]

All good points. Thanks!

I agree that all companies should have a signed package repository, instead of tarballs 100%.

I didn't mean to defend ‘curl | bash‘, I just meant to say why ‘curl | bash‘ isn’t as bad as people think (versus tarballs). Package managers definitely are far superior to tarballs, and ‘curl | bash‘.

Another thing I didn’t like is how the OP seemingly dismissed an entire product with the single statement “kthxbai”, but that’s not relevant.

In an ideal world companies (or even small projects) have repositories, in an even more ideal world they were in the distro repositories already.