About the installation method ('hi! download this random shell script and execute it'), I agree this is really dangerous but mere installing stuff is a hairy thing on linux distros. I mean what is the practical alternative? Distro package manager versions are almost always way behind.

NixOS/guix are gonna solve this issue once and for all (famous last words)

But it's not really dangerous, no more so than downloading an arbitrary binary and executing it at least. The script is delivered over https, so you're not going to be MITM'ed, and you're trusting rustup to provide you the valid install script. If you _are_ MITM'ed, it doesn't really matter what your delivery method is unless you do a verification from another device/network, and if you don't trust rustup then why are you downloading and executing their installer?

ducktective

If they `shellcheck` their bash script, then sure. Aside from unquoted $vars, usually random shell scripts have a habit of polluting home and creating arbitrary dirs under god-knows-where and not respecting XDG.

They are almost always irreversible too. Like you can't undo the steps the shell scripts have done.

__ryan__

Any software you choose to run could not respect your desires and leave a mess. This is not a random shell script. It's the officially recommended way to install Rust [0], vetted and maintained by the community. You're free to audit the script before running it, or even check out the source [1]. If this doesn't satisfy you, check out the other installation methods [2].

Edit: I realize you're not speaking specifically about rustup, but what I said can and should apply to anything you choose to install this way.

0: https://www.rust-lang.org/tools/install#rustup

1: https://github.com/rust-lang/rustup

2: https://forge.rust-lang.org/infra/other-installation-methods...