top | item 46633904

(no title)

cbarrick | 1 month ago

It's not really different than downloading a .msi or .exe installer on Windows and running it. Or downloading a .pkg installer on macOS and running it (or running a program supplied in a .dmg). Or downloading a .deb or .rpm on Linux and running it.

It's all whether or not you trust the entity supplying the installer, be it your package manager or a third party.

At least with shell scripts, you have the opportunity to read it first if you want to.

discuss

LoganDark|1 month ago

It is different: you give it sudo immediately so it doesn't have to ask.

Of course, many installers ask for administrator access anyway...

cbarrick|1 month ago

I don't think it's functionally different if you write sudo on the command line or if the installer uses sudo in the script.

As you said, most installers need to place binaries in privileged locations anyway.