by evmar 4051 days ago
> installation via piping script that is being downloaded to shell is something that shouldn't be present at all

The alternative is you download a binary and run it, at which point that binary can do whatever the shell script could have done.

(The other alternative is you download source, at which point the Makefile or any other piece of the build that you execute can do whatever the shell script would have done.)

As long as the script is available via https the security is equivalent to the alternatives.

1 comments

> The other alternative is you download source, at which point the Makefile or any other piece of the build that you execute can do whatever the shell script would have done

Part of the problem with this is that since it's a bootstrapped compiler, and the only one for the language so far, "downloading source" means you need a binary to compile it with, which devolves to the same problem.

Rust was bootstrapped with an OCaml-based compiler. Alas I don't think it has been kept up to date, so you won't be able to use it to compile the v1.0 source. Not sure how many generations in between the last OCaml-compilable Rust and the current Rust you'd need to compile to bootstrap, probably quite a few.

Very, very, very many. https://github.com/rust-lang/rust/blob/master/src/snapshots....

I've still thought about doing it.

A while back, somebody got Cargo running on an unsupported platform, but bootstrapping was a major problem. The compiler had to bootstrap newer versions of itself tens of times, and that was only for a few weeks of breaking changes …