Zed is a modern open-source code editor, built from the ground up in Rust with a GPU-accelerated renderer.
Installer is piping curl into shell
I thought we were past this as a society 😔
GPU-accelerated renderer.
There’s a reason why GUIs don’t render fonts in the GPU.
AFAIK it’s the copy cost for the memory. GPU makes sense only when the hardware allows this copy to go away. Generally, desktop PCs don’t have such specialized hardware.
A curl piped into a shell or some unofficial packages from various distros.
At this point I don’t get why these projects are not Flatpak-first.
Flatpak is worse for debugging, development, and reproducibility.
Its good for user friendly sandboxing, portability, and convenience.
Flatpaks are reproducible https://ranfdev.com/blog/flatpak-builds-are-not-reproducible/
Is it really worse tho? A single build, against a single runtime, free from distro specificities, packaged by the devs themselves instead of offloading the work on distro maintainers?
Security wise it doesn’t matter, you run the code they wrote in any case. So either trust them or don’t. Where it matters is making a mess on your computer and possibly leaving cruft behind when uninstalling. But packages are in the works, Arch even has it since before linux support was announced officially.
This isn’t true because until the PR fixing it goes through it downloads other binaries without user consent.
It is worrisome that all the smug elitists are too incompetent to just leave off the pipe and review from stdout, or redirect to a file for further analysis.
Same people will turn around and full throat the aur
screaming ‘btw’ to anyone who dares look in their direction.
By that logic you have to review the Zed source code as well. Either you trust Zed devs or you don’t - decide! If you suspect their install script does something fishy, they could do it just as well as part of the editor. If you run their editor you execute their code, if you run the install script you execute their code - it’s the same thing.
Aur is worse because there usually somebody else writes the PKGBUILD, and then you have to either decide whether to trust that person as well, or be confident enough for vetting their work yourself.
Have you really not heard of it? It is a new architecture that is a bit better than x64_64.
That was my first thought as well, but I will say that uBlue distros had a signing issue preventing updates recently, due to an oversight with how they rotated their image signing keys, and the easiest (maybe only?) solution was to pipe a curl command to sh
. Even though uBlue is trustworthy, they still recommended inspecting the script, which was only a few lines of code.
In this case, though, I dunno why they don’t just package it as a flatpak or appimage or put it up on cargo
.
Edit: nvm, they have some package manager options.
I mean its already in the nix repos as well as homebrew which means its essentially taken care of
I’ve been using it with the nix package manager. It’s awesome how easy nix works
It appears to be a couple of versions behind … and have some issues with dynamically linked libraries that hinder LSPs. Neither of these is Zed’s fault. I’m sure the packaged version will be up to date momentarily (given the interest in Zed, sooner rather than later). Not sure how easy the LSP thing will be to fix, though there are some workarounds in the github issue.