How do I know the maintainers of the repo haven't gone rogue and are now distributing malware?
Depends on the repo but at least for Debian, there's a path of trust between GPG keys I've signed and the Debian release GPG keys.
How is that safe?
It's not, it's a sign that the authors don't take security seriously.
If you use this
I never do.
your repeated assertion that it is poorly engineered simply because it doesn't use a particular distros packaging system
I have asserted no such thing.
To me it's irrelevant
I think that's the crux of the issue. You've conflated your interests and the author's purposes.
What you've described is not an algorithm.
You didn't answer my question.
The article is about the couple being fined for finding the stowaway after they left the port, the gender, age and reason the stowaway came to the UK is irrelevant to that.
Why do you believe the gender and age were included in the article?
Pro-tip: share text as text, not as images.
they could have left it out and it wouldn't have changed anything
LOL, it would have changed the article.
Why is it relevant to the article about where he came from?
Because that's not the focus of the article
They went to the trouble of explaining the age of the boy and where he was from and by your logic those bits of information aren't the focus of the article either.
You're just guessing, you don't know. We can all make guesses.
That's not what projects recommend though. Many recommend piping the output of an HTTP transfer over the public Internet directly into a shell interpreter. Even just
would be one step up. The absolute minimum recommendation IMHO should be
but this is still problematic.
Ultimately, installing software is a labourious process which requires care, attention and the informed use of GPG. It shouldn't be simplified for convenience.
Also, FYI, the word "option" implies that I'm somehow restricted to a limited set of options in how I can use my GNU/Linux computer which is not the case.