Next thing you know they'll be running binaries without sending them through IDA Pro.
(Which isn't to say that I disagree with the security concerns raised of a curl|sh. Just that of course many people don't vet their various source code/shell scripts/executables. None the less, you should give them the opportunity to - a tarball and a detached signature seems to be a pretty friendly approach)
My problem isn't with the claim that this is an insecure method of installing software (it most certainly is), just that people are acting like it's an order of magnitude worse than what most people do regularly: download and execute software from unauthenticated/unencrypted websites. I would wager that many of the people complaining are guilty of that as well.
(Which isn't to say that I disagree with the security concerns raised of a curl|sh. Just that of course many people don't vet their various source code/shell scripts/executables. None the less, you should give them the opportunity to - a tarball and a detached signature seems to be a pretty friendly approach)