December 19, 2019
On Tuesday, 17 December 2019 at 18:32:30 UTC, H. S. Teoh wrote:
> 1) Have a fixed URL that never changes, that always points to the latest
>    release. So your script doesn't have to figure out anything, just
>    download from the fixed URL.
>
> 2) Use HTTP 307 to redirect the fixed URL to the actual URL, so that the
>    downloaded filename will have the correct version embedded.
>
> 3) The script can parse the filename to figure out what the version is.
>
>
> T

The most common way nowadays for installing compilers seems to be the curl | sh solution. Languages such as Crystal, Rust and Nim are using it. For Windows, an equivalent PowerShell solution could be used.

December 19, 2019
On Thursday, 19 December 2019 at 09:43:17 UTC, JN wrote:
> The most common way nowadays for installing compilers seems to be the curl | sh solution. Languages such as Crystal, Rust and Nim are using it. For Windows, an equivalent PowerShell solution could be used.

Urgh. Piping a random shell script from the dregs of the interwebs into a local shell (possibly even a root shell) is about the worst security malpractice that is perpetuated these days with "installers" like this.

I mean, we tell the more illiterate users to not click on random email attachments, not to trust VBA macros in Word files addressed to them, etc., and then we're telling ourselves that it's OK to run random scripts sight unseen? Somebody probably needs to hack or MITM a couple of these web servers to drive the point home, I guess... :-(

At least give instructions that have users download the script to a temporary file. That will encourage at least some of them to review the script before running it.
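
The download-to-a-temporary-file approach suggested in the post above, as an added example that is not part of the thread: it fetches the installer to a temp file, compares it with a SHA-256 published out of band, opens it for review and runs it only after confirmation. The checksum step goes beyond what the post asks for; `INSTALLER_URL`, `EXPECTED_SHA256` and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: fetch an installer to a temp file, check it, review it, then run it.
# INSTALLER_URL and EXPECTED_SHA256 are placeholders, not values from the thread.

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS/BSD).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Succeed only if the file exists and its digest equals the expected one.
verify_installer() {
    [ -f "$1" ] && [ "$(sha256_of "$1")" = "$2" ]
}

# Download to a private temp file instead of a pipe; print the path.
# -f makes HTTP errors fatal; on any curl failure the file is discarded.
fetch_installer() {
    tmp=$(mktemp) || return 1
    if curl --proto '=https' --tlsv1.2 -fsSL -o "$tmp" "$1"; then
        printf '%s\n' "$tmp"
    else
        rm -f "$tmp"; return 1
    fi
}

# Fetch, verify, show the script to the user, and run only after confirmation.
install_reviewed() {
    script=$(fetch_installer "$1") || { echo "download failed" >&2; return 1; }
    if ! verify_installer "$script" "$2"; then
        echo "checksum mismatch, not running $script" >&2
        rm -f "$script"; return 1
    fi
    "${PAGER:-less}" "$script"
    printf 'Run this script? [y/N] '
    read -r answer
    if [ "$answer" = "y" ]; then sh "$script"; fi
    rm -f "$script"
}

# Usage (placeholders): install_reviewed "$INSTALLER_URL" "$EXPECTED_SHA256"
```
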