[olalonde]

In this case, * is "https://sdk.cloud.google.com" and I don't see how it's worse than trusting a package from PyPi. If anything, the curl command offers some guarantee that you are running code endorsed by Google.

[lukeschlather]

If the HTTP connection is interrupted during download (highly likely if you're doing this routinely) you'll end up with something in a broken state. Locally running a remote stream as it arrives as code is just a bad idea, unless you're talking about something like a webpage where a partial is potentially preferable to nothing at all.

[cristicbz]

Code which is meant to be piped into bash is generally written as:

    #!env bash
    f () {
      ...code
      ...code
      ...code
    }
    f

Hence a partial stream will do nothing (syntax error, missing brace to be precise).

[plorkyeran]

This is a completely trivial problem to solve (wrap the logic in a function), which the script in question does solve.