Never trust anyone who gives you a command that both downloads and executes any script. That person is either malicious, incompetent or they know the risks and just don’t give a shit
And yeah they should know better. On the other hand, modern programming languages also pull libraries from all over the place without any serious vetting. This is becoming more and more of a problem as several people have demonstrated here:
How is this different from any other installer that asks for admin access? At least the wget method gives you an opportunity to look at the install script, which most software installers dont provide
https://brew.sh/
And yeah they should know better. On the other hand, modern programming languages also pull libraries from all over the place without any serious vetting. This is becoming more and more of a problem as several people have demonstrated here:
https://news.ycombinator.com/item?id=30679098
I bet sooner or later this will result in a major wannacry/log4j style international incident and then we'll start doing something about it.