cross-posted from: https://jlai.lu/post/8476122
Zed on Linux is out!
5 points
You are right, except for one detail. Package managers almost always validate the packages using digital signatures, to avoid man-in-the-middle attacks. You don’t need to trust the network anymore. Shell scripts piped to a shell don’t have that protection. You still have to trust the developers and maintainers, though.
2 points