When people say "curl|bash", this usually means secondary fetches, random system config changes, likely adding stuff to user's .bashrc
replyBut it's not quite that bad in this particular case - they are fetching pre-built static toolchain, and running old-school install script, just like in 1990s. The social convention for those is quite safer.
(Although I agree, it is pretty ironic that they prefer this to using ppa or binary packaged into deb...)
I don't get it. What's the chasm here?
replyYou can curl stuff and run it just gotta have hashes in place.
replyIn theory, yes.
replyIn practice, very rarely. Lots of 'curl | sh' do secondary fetches, and those don't come with hash checks. And even if they come with hash checks _today_, there is no guarantee next version won't quietly remove them.
Aren't the versions of Rust in stable Linux distributions like, a century old? Or at least they were last I checked what Debian and Ubuntu LTS were distributing. I think it's because they don't like static linking.
replyHasn’t the right way to install rust has always been using rust up? I am an Ubuntu user and never once tried apt for rust.
replyI believe Rust is typically only used through `apt` as a dependency for system packages written in Rust, or for building system packages that are written in Rust, so that they can link against a single shared instance of the Rust Standard Library.
reply[flagged]
replyshould we trust someone whos HN account is just as shiny?
reply“Done software”?
replyClearly what the world needed before all else was Rust versions of cat and dd.
replyThe Rust community's specialty is generating solutions in search of problems.