by otto_ortega 3133 days ago
You are overly paranoid... The GitHub repo is literally the first thing that shows up when searching for "Fedy" on Google:

https://github.com/folkswithhats/fedy

If the "--nogpgcheck" bothers you, a simple text replace over the source code solves it.

Same with the "curl|bash" thing: you are not obligated to run it that way; you can just clone the repo and run it however you want. It is open source!

It is funny the way people overreact with things like this with projects that are open source but are OK installing closed-source software and feel safe because they got them from the official repos...

1 comments

You're suggesting a solution for a very common use case many Fedora users have (i.e. installing Skype, Viber, etc.) in a New Release thread on a highly visible forum. This means many people could find and run this code, so I think it's warranted to analyze its security instead of dismissing it. I agree it has some bad security practices, which are hard to trust in this day and age.

I don't mean to dump on this project or the people behind it; fair dues to them for putting it together to make people's lives easier. But widely used software must be built and distributed securely.

Since it is GPL3, I wonder why the authors don't build and distribute it from COPR directly from GitHub? It would solve the same problems, and make it easier to trust.