Hacker News
by witty_username 3665 days ago
> In addition, the "curl | sh" type of installation has a bad reputation among developers, for security reasons. Which is especially critical when payment is involved. And which is even more critical when it is about automatic payment.

It's through HTTPS, so it's secure.

1 comments

That only secures the transport, not necessarily the source. Especially without a checksum or digital sig to verify the source, it's a little weird of an oversight for a company like 21.

How would that checksum or digital signature be distributed?

HTTPS checks for authenticity of source (it uses digital signatures). Now, I guess there could be a rogue CA which creates another certificate for 21.co, but excluding that it's fine.

woosh
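
The checksum verification mentioned in the thread, as an added example that is not part of any comment and not 21's installer: the script is saved to a file and executed only if its SHA-256 matches a pinned digest. The function names, the placeholder URL in the comment and the assumption that the pin was obtained through a channel separate from the download server are all assumptions of this example.

```shell
#!/bin/sh
# Added example: run a downloaded installer only if it matches a pinned SHA-256.
# sha256_of and run_if_pinned are hypothetical helper names.
#
# Typical use (placeholder URL; PIN is assumed to come from a separate channel):
#   curl -fsSL -o install.sh https://example.invalid/install.sh
#   run_if_pinned install.sh "$PIN"

# Print the SHA-256 hex digest of a file, using whichever tool is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# run_if_pinned FILE EXPECTED_HEX
# Executes FILE with sh only when its digest equals EXPECTED_HEX.
# Returns the installer's exit status after a verified run,
# 2 on digest mismatch, 3 if the file is missing or empty.
run_if_pinned() {
    file=$1
    # Accept the pin in either letter case.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -s "$file" ] || { echo "no installer at $file" >&2; return 3; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 2
    fi
    # The bytes that were hashed are the bytes that run: nothing is
    # fetched again between verification and execution.
    sh "$file"
}
```

Unlike `curl | sh`, the script is complete on disk before anything runs, so a truncated transfer or a changed file is rejected instead of partially executed.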