There are so many ways this is bad idea (in example if connection gets lost and you execute a half downloaded script). It’s not always about exploits, humans make mistakes. Reducing attack surface is always a good idea when possible.
The uninstall script even has sudorm -rf "{place}" , with a variable that is not checked. What if its empty for whatever reason? It would default to current working dir (with sudo rights) and delete everything. Mind you, this uninstall script is also behind a shell | into bash that executes a script which runs itself a curl again to download uninstall script.
I don’t like that. Better provide a manual installation pointing to the releases page. Let people download manual. Executing the program wouldn’t even need root rights, just try if you like it and put it in a directory that is in the path.
There are so many ways this is bad idea (in example if connection gets lost and you execute a half downloaded script). It’s not always about exploits, humans make mistakes. Reducing attack surface is always a good idea when possible.
The uninstall script even has
sudo rm -rf "{place}", with a variable that is not checked. What if its empty for whatever reason? It would default to current working dir (with sudo rights) and delete everything. Mind you, this uninstall script is also behind a shell | into bash that executes a script which runs itself a curl again to download uninstall script.I don’t like that. Better provide a manual installation pointing to the releases page. Let people download manual. Executing the program wouldn’t even need root rights, just try if you like it and put it in a directory that is in the path.