[tbabej]

It is worth noting that setting up a local demo with their docker-compose based script is roughly 30s of work:

    mkdir listmonk-demo
    sh -c "$(curl -fsSL https://raw.githubusercontent.com/knadh/listmonk/master/install-demo.sh)"

This will setup a local server on localhost:9000.

That said, I would personally recommend inspecting the bash script first before running it. The script in this case is not malicious, but it's a good habit to have.

[denton-scratch]

I'm not OK with the modern practice of recommending end-users download and execute a script from the big, bad web without first reading it.

I guess I'm just an old fuddy-duddy, and if you feel it's OK, knock yourself out. But I really think software developers should know better than to rely on this practice simply because it makes their install process into a one-liner. I'm sure they could do better than recommending users execute random scripts from the intarwebs, sight-unseen.

[knadh]

What is the difference between downloading and running a bash script vs. downloading and running a binary or a Docker image?

Surely, when downloading a piece of software from a (quasi?) trusted source, no developer is going to read all the lines of source code before running it. And if that's the case, how is downloading and running an .sh from the same source any different?

[e12e]

It's probably a bad idea to willy-nilly "docker run" something too - but in this case it's extra silly - the demo requires docker and docker-compose - so the downloading/instruction might as well have been just:

   wget https://raw.githubusercontent.com/knadh/listmonk/master/docker-compose.yml
    docker-compose up demo-db demo-app

And a note that demo app runs on port 9000. Even better would be a demo docker-compose.yml, so that "docker-compose up" was enough.

Now, should you run some random docker image(s)? Maybe not. But it's easier to see what's going on - maybe you spin up a vm and run docker there, isolated?

[sofixa]

> What is the difference between downloading and running a bash script vs. downloading and running a binary or a Docker image

Docker images are slightly isolated. By default running a random one doesn't have access to your local filesystem or anything listening on your machine, unless you explicitly ask for it ( which a random docker-compose.yaml or bash script around a docker-compose.yaml and up can).

[denton-scratch]

TBH, I've never downloaded a Docker image. I rely on Debian; I trust packages from the Debian repository (hell, I'm running their OS, so I already trust them).

Software from other sources: not so much. Maybe run it in a VM.

Look, I've used such commands myself - once upon a time that was the recommended way to install LetsEncrypt, I think. But I look at the script first.

[preya2k]

You need to be on a desktop device, you need to have Docker running and you need to have port 9000 still available.

So I still think these are pretty high requirements to test a product out. Especially since this is a tool being used by non-IT people (E-Mails/Marketing). Might be helpful to have a demo, to help convince people who don't know what docker is, but can still vote/decide/argue for/against certain software solutions.