| I know plenty of folks who've ridden motorcycles helmetless for years without any issue. It's a collection of script written in a non-idempotent manner, and run in an uncontrolled, undefined environment. The benefit of binary packages is that you have a reasonable idea that the package will consistently build in a well defined environment (the base build chroot for the OS + the defined dependencies in the package). The result is a consistent reproducible binary that means when you run version x.y.z it's the same as version x.y.z that I'm running, and the same as version x.y.z that the package maintainer is running. When software is "packaged" via install scripts that fetch and build from the internet on the fly with loosely defined versions, you stand a lot of risk of breaking your environment. If you only spend time in toy environments playing games and looking at cat pictures, that's fine. If you rely on the tools you work with to be stable, perform in a consistent manner, and not accidentally leak information about your environment (you'd be shocked by how many test suites will post your local environment variables out to arbitrary metrics collection points), then pre-build binary packages are a safe and reliable way to operate. You can have fun letting the wind blow through your hair; I'll keep my helmet on, thanks. |
I made it 10 lines into the very first plugin before hitting a point where the installer script is downloading a file over an insecure connection, and treating it as a list of trusted URLs.