[carlsverre]

I don't understand why you would go through all of this effort...

Just dump the data into a file:

curl > foobar

Read the file using any number of normal utilities

vim foobar

cat foobar

nano foobar

less foobar

Then if you like what you see execute the file

sh foobar

Linux/Unix utilities are meant to be used. Don't limit yourself to only knowing how to check the contents of a curl install if you have a curlsh function.

[djm_]

As programmers, our entire job revolves around removing unnecessary processes that can be automated. So I ask you, how does providing a shell function which does exactly what you just suggested limit somebody?

If they can't read it, they likely wouldn't even know how to install it.

Disclaimer: I wrote this article in Aug of last year.

[andreasvc]

It takes up precious mind space for an ad-hoc one-off feature, instead of utilizing simple well-established unix commands commonly available on servers and usable for multiple purposes. Plus I'd say it gives a false sense of security because a moderately determined attacker can easily obfuscate his exploit so as to slip through this casual review process.

[opendais]

The mind space argument breaks down because its generally an install process which means you are just typing what they wrote in their README.md file if it seems reasonable. Its not something you memorize.

[bch]

I think the "mind space" is knowing how to handle data, run an editor, and chmod or run a shell with inputs (all useful, portable skills), versus having a limited-use hand-holding script.

[RubyPinch]

my personal bother with it, is it switches the roles of saving

the "No, I don't want to run this" way to exit is to wipe the file and save it empty.

the "I do want to run this" way is to just exit normally

opening something and going "wow this is actually damaging, I'll just exit, ^X... waitfuck" seems something that is more than possible

or in short, the default state is to execute the file