I do not want to be that guy, but I do anyway. Haha.
Is there time for a service that looks at any README on a GitHub project or other indexable repos, and gives it a cute landing page and failing grade if the install recommends curl http://supersecure.script - | bash # fuck my box.
That's funny, but I think the idea of bpkg is to be the last tool you'd have to install the failing-grade way and use bpkg for any future tools on various platforms and all.
Technically, they don't recommend it. curl whatever | bash is one of the 3 possible methods (first listed, I agree) but there are 2 other ways to install it.
OTOH, don't you think that without the insecure one-liner to install it, some people would complain about its lack? Stating they can read the script before executing it anyway.
Plus, it's not much less secure than cloning a repo and running 'make install' (in both cases, one could read the script(s) but will unlikely do so).
Direct your efforts to your favorite OS's package management team. Stop creating new package management systems that permit idiots to install vulnerable software that won't get flagged by widely accepted monitoring practices for every OS.
There's too much overhead to package and maintain small shell tools as native packages. Plus, who wants their repository list to be growing infinitely with PPAs that usually tell little about themselves. Major distros other than Ubuntu are not any better.
Is there time for a service that looks at any README on a GitHub project or other indexable repos, and gives it a cute landing page and failing grade if the install recommends curl http://supersecure.script - | bash # fuck my box.
Perhaps ismyboxvaklem.pt?
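
As an added example, not part of the thread or of bpkg: a sketch of the README check proposed above, which fails any README whose install lines feed a downloaded script straight into a shell and notes when the fetch is over plain HTTP. The function name, grade labels, patterns and sample README are assumptions constructed for illustration.

```python
import re

# Shells that will execute whatever they are handed (sh, bash, zsh, dash, ksh).
SHELLS = r"(?:ba|z|da|k)?sh"
FETCH = r"\b(?:curl|wget)\b"

PATTERNS = {
    # curl URL | bash        wget -qO- URL | sudo sh
    "pipe-to-shell": re.compile(rf"{FETCH}[^|\n]*\|\s*(?:sudo\s+)?{SHELLS}\b"),
    # bash <(curl URL)       sh -c "$(curl URL)"
    "command-substitution": re.compile(rf"\b{SHELLS}\b[^\n]*(?:<\(|\$\()\s*{FETCH}"),
}
CLEARTEXT = re.compile(r"http://", re.IGNORECASE)


def grade_readme(text):
    """Return (grade, findings) for README text.

    findings is a list of (line_number, kind, fetched_over_plain_http).
    Any finding is a failing grade; plain HTTP is recorded as an aggravating
    detail because the script can then be altered in transit.
    """
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((number, kind, bool(CLEARTEXT.search(line))))
                break  # one finding per line is enough
    return ("fail" if findings else "pass"), findings


# Constructed sample README (example.invalid is a placeholder host).
SAMPLE_README = """\
## Install
curl -Lo- http://example.invalid/install.sh | bash
sh -c "$(curl -fsSL https://example.invalid/install.sh)"
curl -fsSLO https://example.invalid/install.sh && less install.sh
git clone https://example.invalid/tool.git && make install
"""

if __name__ == "__main__":
    grade, findings = grade_readme(SAMPLE_README)
    print("grade:", grade)
    for number, kind, cleartext in findings:
        note = " (plain HTTP)" if cleartext else ""
        print(f"  line {number}: {kind}{note}")
```

Downloading the script to disk and reading it before running it, as on line 4 of the sample, does not trigger the check; neither does piping a download into a non-shell command such as a checksum tool.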