
"curl get.mojolicio.us | sh"

Delicious! Let's pipe data retrieved over raw HTTP and pipe it directly to sh. It's like one of those Head-On commercials (remember those?) only with digital cyanide.



As opposed to blindly downloading a repo and running "make install"? What's the difference? If you really cared enough you would instead pipe it to a file to inspect first. But I don't think you inspect most packages you download from GitHub etc.

So again, what's the difference as opposed to convenience with the pipe?


Well, which is more probable to go unnoticed: a hack of the install script you fetch via HTTP or an entire GitHub commit infesting the software while it still lets it work as designed so no contributor notices?

It is not a problem with Mojolicious at all. It's a nice helper that should be carefully used.
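The alternative the thread contrasts with piping straight into `sh`, shown as an added example that is not part of any comment: save the installer to a file over HTTPS, compare it with a SHA-256 digest obtained out of band, and run it only on a match. The function names `fetch_script`, `sha256_of` and `verify_then_run` are hypothetical, and the pinned digest is assumed to be published by the project through a separate channel.

```shell
#!/bin/sh
# Added example (not from the thread): download an installer to a file,
# check it against a digest pinned out of band, and only then run it.

# Fetch over HTTPS only; -f makes curl fail on HTTP errors so an error
# page is never saved as the script. Not called below (demo is offline).
fetch_script() {     # usage: fetch_script URL OUTFILE
    curl --proto '=https' --tlsv1.2 -fsSL "$1" -o "$2"
}

# Print the hex SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {        # usage: sha256_of FILE
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Run FILE with sh only if its digest equals EXPECTED_SHA256.
# Returns 1 without executing anything when the digest differs.
verify_then_run() {  # usage: verify_then_run FILE EXPECTED_SHA256
    actual=$(sha256_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "refusing to run $1: sha256 $actual != pinned $2" >&2
        return 1
    fi
    sh "$1"
}

# Constructed demo, offline: a local temp file stands in for the download.
demo=$(mktemp)
printf 'echo "installer ran"\n' > "$demo"
pinned=$(sha256_of "$demo")        # assumption: in practice, published by the project
verify_then_run "$demo" "$pinned"  # digest matches, script executes
printf 'echo "injected line"\n' >> "$demo"   # simulate modification in transit
verify_then_run "$demo" "$pinned" || echo "modified copy rejected"
rm -f "$demo"
```

Because the whole file is on disk before anything executes, a connection dropped mid-transfer cannot leave a half-run script, and the saved copy can be read before it is run.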



