In most cases the script already installs a pre-compiled binary that can be anything; they wouldn't need to make the script itself malicious if they were bad actors.
eager_eagle
I'll die on the hill that curl | bash is fine if you're installing software that self-updates - very common for package managers, like other comments already illustrated.
If you don't trust the authors, don't install it (duh).
You're already installing a binary from them; the trust in both the authors and the delivery method is already there.
If you don't trust, then don't install their binaries.
does that count as a blow job?
Call 911 ffs, I can't do anything.
"Do one thing and one thing well"
This is why the Python landscape is such a mess in the first place. The "one thing" should have been project management. Instead, we end up with 20 different tools that have a very limited context, often overlapping or being mutually exclusive to each other in functionality, and it's up to each project to adopt and configure them correctly.
The mass adoption of uv is a clear sign that we're tired of this flawed approach. Leave the Unix philosophy to core utilities of an OS.
Exactly what I did. I'd get a 65" monitor if there were any. But an always offline smart TV will do.
They could have watched the movie Her for much less
That's pretty much the conclusion: you should try uv first, and there's a small chance it doesn't work for you and you're not willing to fix it, or it's out of your hands.
Examples include legacy projects and companies that don't allow it (but I do question how they'd even enforce this, and how developers can even do their jobs if they can't run binaries at the user level).
No shit, are some people really surprised by this, or do they just want the attention?
And the most unrealistic thing is Trump apologizing