Even if I did trust you as much as I trust my OS package manager, I can't trust that it will always be the real you on the other end of my link to you, and it's possible for an attacker to trick curl into giving one script to less and another script to bash. https://web.archive.org/web/20240228190305/https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/ Why set yourself up as a huge target like this?