For me the insecurity isn't even the worst thing about curl | sh.
I like package managers, and I tolerate tarballs, because I know what they do and how to reverse it. I care about the organisation of my filesystem and suspect that the people who suggest I pipe their script into my shell do not care at all.
I like package managers, and I tolerate tarballs, because I know what they do and how to reverse it. I care about the organisation of my filesystem and suspect that the people who suggest I pipe their script into my shell do not care at all.