> As opposed to the Linux security best practices of curl | bash?
Gotta take offense here. That's a MacOS paradigm.
All Linux distros have proper package management, always cryptographically signed and increasingly reproducibly verified, and extremely broad coverage of virtually all the software in the community. The closest you get to this kind of thing as an "official install mechanism" is e.g. bootstrapping a package repo for third party software, which has you hand-verify the keys.
People who pull unverified code to their boxes are virtually all developers cloning stuff to build.
Gotta take offense here. That's a MacOS paradigm.
All Linux distros have proper package management, always cryptographically signed and increasingly reproducibly verified, and extremely broad coverage of virtually all the software in the community. The closest you get to this kind of thing as an "official install mechanism" is e.g. bootstrapping a package repo for third party software, which has you hand-verify the keys.
People who pull unverified code to their boxes are virtually all developers cloning stuff to build.