[baggins367]

Your suggesting a solution for a very common use case many Fedora users have (i.e. installing skype, viber etc) in a New Release thread on a highly visible forum. This means many people could find and run this code, so I think its warranted to analyze its security instead of dismissing it. I agree it has some bad security practices, which are hard to trust in this day and age.

I don't mean to dump on this project or the people behind it, fair dues to them for putting it together to make peoples lives easier. But widely used software must be built and distributed securely.

Since it is GPL3, I wonder why the authors don't build and distribute it from COPR directly from github? It would solve the same problems, and make it easier to trust.