On Wed, Mar 07, 2018 at 12:05:17PM +1100, Paul Dwerryhouse wrote: > On 2018-03-07 11:44, Craig Sanders via luv-main wrote: > > BTW, it's not always a good idea to follow install instructions from > > developers. Many of them are focused exclusively on their pride and joy > > and don't give a damn about the operating system it runs on....and many > > see the OS as an obstacle to be worked around. > > Oh, so you mean that best practice for production installs *isn't* to run > curl-pipe-sudo-bash that pulls something from the head of a random github > repo and then runs npm to splatter it across your filesystem? ;)
Whatever gave you that impression :) it's always perfectly safe to run arbitrary shell code downloaded with curl as root. Just pipe it straight in with sudo. That's so clever. After all, it's recommended by the **developers**. They know what they're doing. and their shell code is guaranteed to be bug-free even if their expertise is in javascript or ruby and they've never written a sh script before in their entire life. sh isn't even a real programming language so it can't be that hard to get right. craig ps: yes, this **IS** one of my pet peeves. IMO every dev who ever suggests `curl | sudo sh` (or similar) as an install method deserves to be tasered every single time time someone follows their advice. It's criminally negligent. ditto for devs who say things like "screw the system, install my super-special program direct from my repo because distro maintainers waste time integrating software into the system and testing that it doesn't break anything, rather than immediately jumping onto the latest version as soon as I release it". They whinge a lot about package management and packaging tools, and then implement a half-arsed version of their own package management "system" like `pip` or `gem` or `npm` without bothering to avoid - or even research - any of the issues that distro developers solved years ago in tools like dpkg and rpm. "I know what users crave, it's my brawndo-installer, 'curl|sudo sh' - It's got electrolytes!" -- craig sanders <c...@taz.net.au> _______________________________________________ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
