"Best practice" is a bit exaggerated.. or tbh a joke. Any reasonable software I have lately seen distributing that way (and that were few ones) usually come with disclaimers like "beware that you must trust us" or pointing to alternatives in the direction of package managers..
> to run untrusted code,
No again, that depends on who you trust, right? If you trust noone, it is all up to you, certainly.. and at least you have the theoretical possibility to review almost everything (which other people actually do).
> to run untrusted code,
No again, that depends on who you trust, right? If you trust noone, it is all up to you, certainly.. and at least you have the theoretical possibility to review almost everything (which other people actually do).