The most important argument is phishing. People aren’t good at recognizing when a web site is legitimate. One reason that app certification is a shitshow is that recognizing bad players while minimizing false negatives and false positives is a difficult problem. Domain names fundamentally don’t solve that problem.
reply> Domain names fundamentally don’t solve that problem.
replyApp certification doesn't solve that problem either.
Because even with HTTPS that script might not do what you expect and then is too late, xz style attack.
replyYou're already installing a binary, the script is not the weak link here.
replyDepends, installing binaries on GNU/Linux usually assumes validated distro repos.
reply