Ironically, it is rustup that triggered me with this most recently… https://www.rust-lang.org/tools/install

Thank you for the nuanced answer!

You ask why I feel this is less secure: it seems the lowest possible bar when it comes to controlling what gets installed on your system. The script may or may not give you a choice as to where things get installed. It could refuse to install or silently overwrite stuff if something already exists. If install fails, it may or may not leave data behind, in directories I may or may not know about. It may or may not run a checksum on the downloaded data before installing. Because it’s a competely free-form script, there is no standard I can expect. For an application, I would read the documentation to learn more, but these scripts are not normally documented (other than “use this to install”). That uncertainty, to me, is insecure/unsafe.

I do, but some of these scripts are quite complex and hard to parse. When all I would really need to do this myself is a direct download URL and unzip/untar in a folder of my choice, it’s a pain.

Indeed, looking at the content of the script before running it is what I do if there is no alternative. But some of these scripts are awfully complex, and manually parsing the odd bash stuff is a pain, when all I want to know is : 1) what URL are you downloading stuff from? 2) where are you going to install the stuff?

As for running the program, I would trust it more than a random deployment script. People usually place more emphasis on testing the former, not so much the latter.