[simiones]

This seems almost like a misunderstanding of what is the role of an installer, especially for something like oh my zsh. The author is complaining that it takes over their zsh configuration, when in fact that is obviously the whole point of the installer.

An installer isn't simply there to copy a program to your system. It's there to copy files to your system and then modify your system so that it is ready to use the new program to the deepest level that makes sense. You're not supposed to need to do any other configuration of your system for this program after the installer finishes in order to properly use it. This includes things like associating file types with this program, changing system settings to make it default in various places (hopefully with some kind of flag, to be fair), discovering and associating hardware or any other step like that.

Note that piping curl to bash or running bash on the output of curl/wget is a minor point quickly glossed over in the article, which is actually complaining much more about using custom installation scripts that do "too much".

[mjw1007]

The other part of an installer's job is to provide a reliable way to uninstall the program, without leaving any mess behind.

I think that's the main reason I'm reluctant to run curl|bash-ware. I might trust the authors not to be malicious, but I generally wouldn't trust them to be competent at cleaning up after themselves.

[simiones]

Yes, having a proper method for uninstalling is one big advantage of "proper" installers (like .deb packages or .msi installers on Windows) - though of course there is no guarantee even then that it will properly clean-up the system.

However, having a package that simply installs some files and then tells you "copy these lines to your .bashrc and modify this mount file and [...]" to set up your system is really not that much better - if you follow those instructions, it will be up to you to manually un-follow them if you later decide to stop using this package. And while whoever wrote the installer may or may not properly undo what what they installed in the uninstaller, I can guarantee that no one will provide an uninstaller which un-does changes you manually made.

[user3939382]

> a reliable way to uninstall the program, without leaving any mess behind

cc: Anyone working on macOS

[dagmx]

Uninstalling macOS apps is usually as simple as removing the app bundle.

[user3939382]

If only that were true. Apps leave their config and support files all over the file system.

[AnIdiotOnTheNet]

Also true of literally every OS, on the inherited wisdom that separating the config from the actual application allows it to persist through upgrades and reinstalls easily.

There are certainly other ways to do that, but this is how it has been done since forever.

[user3939382]

Windows uninstall isn't guaranteed* to be perfect but it's much better in this regard. It's common on Windows to have uninstaller apps that go around cleaning up the crumbs of the application. The equivalent on macOS isn't unheardof but it's rare.

[ilyt]

Right but few kbs of config is less of a bother than few hundred megs of deps installed all over the place.

The config and data is iffy situation because you might want to uninstall just to install new version, and so might want them to stay, might want them gone.

[bravetraveler]

Precisely, if this is the suggested distribution method then I have to assume there's been even less investment in 'undistribution'

It's possible for installers to be this full-featured, but it's plagued with footguns.

They try and often fail to make an idempotent shellrc patcher with command line pipes, or something equally convoluted. If at all.

Instead of using something established, or even better... drop-in config directories.

Not everything needs to own (or even touch) the main config file!

edit: Don't trust the 'curl the script before piping it' thing, either.

I don't have it handy, but there's been demonstrated means to alter the content based on timing, causing the pipe to be a malicious payload

[ilyt]

It's almost admission of guilt, nobody ever thinks about that uninstall.

Even workse if app starts with sudo to install some stuff in system directories

[revolvingocelot]

>An installer [... is] there to copy files to your system and then modify your system so that it is ready to use the new program to the deepest level that makes sense

Sure, but what's the corresponding step in the zsh "install"? Looks like copying over their ~/.zshrc. The "install" script could have chosen to clone the git repo, copy the file, then print "all done! run 'zsh' to start your new shell!' or whatever