moonpiedumplings

joined 2 years ago

Soatok's post about matrix opens with this:

Please keep in mind that this website is a furry blog, first and foremost, that sometimes happens to cover security and cryptography topics.

If you don’t trust the authors, don’t install it (duh).

Just because I trust the authors to write good rust/javascript/etc code, doesn't mean I trust them to write good bash, especially given how many footguns bash has.

Steam once deleted a user's home directory.

But: I do agree with you. I think curl | bash is reasonable for package managers like nix or brew. And then once those are installed, it's better to get software like the Bun OP mentions from them, rather than from curl | bash.

You can use things like dependabot or renovate to update versions in a controlled manner, rather than automatically using the latest of everything.

On the other side, when it comes to docker containers, you can use github actions or some other CI/CD system to automate the container build.

[–] moonpiedumplings@programming.dev 4 points 6 months ago* (last edited 6 months ago)

Trust and security aren't just about protecting from malice, but also mistakes.

For example, AUR packages are basically install scripts, and there have been a few that have done crazy things like delete a user's /bin — not out of any malice, but rather simple human error.

Binaries are going to be much, much less prone to these mistakes because they are in languages the creators have more experience with, and are comfortable in. Just because I trust someone to write code that runs on my computer, doesn't mean I trust them to write an install script, especially given how many footguns bash has.

Steam once deleted someone's home directory.
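The class of bash footgun both comments about install scripts refer to is an unset or empty variable turning `rm -rf "$ROOT/"*` into a delete of the whole filesystem. The guard below is an added example, not code from the comments or from Steam; the function names check_cleanup_target and safe_cleanup are chosen here and the paths it is run against are constructed.

```shell
#!/bin/sh
# Added example (not from the comments above): a guard for the
# rm -rf "$ROOT/"* install-script footgun. An unset or empty ROOT turns that
# glob into /*; the check below refuses to proceed instead of deleting.

# check_cleanup_target TARGET
# Returns 0 only when TARGET is a sane root for a recursive delete: non-empty,
# absolute, free of ".." components, an existing directory, and neither /
# nor the home directory. Each refusal is explained on stderr.
check_cleanup_target() {
    target="$1"
    if [ -z "$target" ]; then
        echo "refusing: target is unset or empty" >&2; return 1
    fi
    case "$target" in
        /*) ;;
        *)  echo "refusing: target is not absolute: $target" >&2; return 1 ;;
    esac
    case "/$target/" in
        */../*) echo "refusing: target contains ..: $target" >&2; return 1 ;;
    esac
    # Canonicalise via the filesystem so a symlink cannot disguise / or $HOME.
    canon=$(cd "$target" 2>/dev/null && pwd -P) || {
        echo "refusing: not an existing directory: $target" >&2; return 1; }
    home_canon=""
    if [ -n "${HOME:-}" ]; then
        home_canon=$(cd "$HOME" 2>/dev/null && pwd -P)
    fi
    if [ "$canon" = "/" ] || [ "$canon" = "$home_canon" ]; then
        echo "refusing: target resolves to / or \$HOME: $canon" >&2; return 1
    fi
    return 0
}

# safe_cleanup TARGET
# The guarded form of rm -rf "$TARGET/"*: the delete only runs once the check
# passes, so an empty variable aborts loudly instead of wiping the system.
# (The glob skips dotfiles, same as the unguarded pattern it replaces.)
safe_cleanup() {
    check_cleanup_target "$1" || return 1
    rm -rf -- "$1"/*
}
```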

Fun fact: almost all the features of PWAs people like, including offline support, are actually already built in and work.

The only popular thing that doesn't work is separating it out into its own window; you have to visit the website.

No, Box is its own cloud storage platform, like Drive. But it doesn't have its own alternative to Google Docs/Sheets/etc, so it integrates the web versions of Microsoft Word/Excel/etc.

[–] moonpiedumplings@programming.dev 2 points 6 months ago (2 children)

Outside of the competition, does your team self host cryptpad?

Not yet :(

We use a service called Box, in combination with Microsoft office online, and it sucks.

[–] moonpiedumplings@programming.dev 5 points 6 months ago* (last edited 6 months ago) (5 children)

My team and I are planning to use it for the upcoming https://wrccdc.org/ competition.

During the regionals competition, we go to a physical location and are not allowed to bring our own electronics. In addition, there is a firewall with an allowlist, meaning we have to ask for stuff to be unblocked, or self host services we will want/need.

Cryptpad is small enough that it can be deployed during competition without much fuss, and it allows for collaborative editing, which is useful for things like sharing passwords.

if not, is there a broadly-applicable reason (security, damaging OS, etc

Yeah. The big one is security. Windows suffers from this, where being able to just download an exe and run it results in the ease of distribution for malware.

Repositories of software have a massive advantage, in that they are vetted and watched by a multitude of individuals. The recent XZ backdoor didn't even make it to the repos of Debian 12 due to the slow policies. Of course, this comes with the notable disadvantage of not all software being packaged.

In my opinion, a reasonable compromise is distro-agnostic package formats with their own package managers, like flatpak or nix. Flathub and Nix are maintained, vetted, and haven't been hit by malware (yet). For servers and their services, there are docker images, which can be run in any of the many ways to run docker containers. At this point, I think almost all server software I've looked at offers a docker container.

Distros like Debian have a footnote on potential pitfalls of getting software from places other than the repos. Also, I'd say that Linux distros in general don't want people to create packages of their software.

Your specific idea, make install, has its own issues as well. If you make install something and an incompatible version of something is installed to the host system, then breakages can occur. Flatpak, nix, docker, all have in common that they are isolated from the host system, and cannot interfere or cause breakages, due to their design.

Now, technically what you want does exist as curl somescript.com | sh but these are security nightmares, and also difficult to maintain post installation. You're supposed to manually check what the script does, but no one does that, and on the more complex scripts, it's not really feasible to check them for malware.

[–] moonpiedumplings@programming.dev 18 points 6 months ago* (last edited 6 months ago)

Helldivers 2 and easyanticheat also have kernel level anticheat, but remain playable on linux. They disable the kernel level bits on linux.

[–] moonpiedumplings@programming.dev 1 points 6 months ago* (last edited 6 months ago) (1 children)

Freshtomato is not out of date. The last stable release was December of 2024, and the github repos are being actively updated as well.

Perhaps you are confusing freshtomato with some of its predecessors, like tomato or advancedtomato, which are no longer currently maintained.

As for openwrt instead, that doesn't support broadcom wifi chips, whereas freshtomato does.

This is like that other recommendation of a linuxserver/kasmvnc docker image as well. It doesn't allow for collaborative editing like cryptpad or google docs does.
