[vbezhenar]

For helm and most other golang apps, you just need to download and put binary into your $PATH. They usually put them onto github releases, so it's really low friction way to install a genuine application.

Now to keep them updated is another story.

[silisili]

Last sentence. I love Go's install and run story, but keeping it up to date is a pain.

We trust, or used to trust, distros for this. Why are they messing with the source?

[xavxav]

My understanding is that they've more or less always done this for various reasons: security patches, compatibility, dependency versioning. I understand the historical reasons that led to this structure for package management, especially with how brittle C dependencies seem to be, but I truly hate this practice. It seems to make it exceptionally difficult for authors of major software to establish any sort of invariants or security boundaries.