But those are two very different things, I can very easily give you a one liner using curl|bash that will compromise your system, to get the same level of compromise through a proper authenticated channel such as apt/pacman/etc you would need to compromise either their private keys and attack before they notice and change them or stick malicious code in an official package, either of those is orders of magnitude more difficult than writing a simple bash script.
You didn’t knew that the tool to handle URLs written in C (very creatively named C-Url) was handling URLs? It’s also written in C if you didn’t knew.
Sure, but which OSD criteria is being broken here?
Open source and FOSS are two different things though. I think Mattermost is open source, just not FOSS and the licencing they mentioned might be wrong (GPL is invasive so they couldn’t have a closed source part IIRC), but it’s still open source as the code is freely available.
That’s a very cool idea, seems great for receipts and quick stuff.
How does it work on Android? One of my main use cases for Nextcloud is to be able to access some of my pdfs on my phone, the app seems to be focused on uploading which is something that while I do sometimes from my phone is much less often.
But what is a trusted provider? How can you trust it? How sure are you that you’re not being MitM? Have you fully manually verified that there’s no funky flags in curl like -k, that the url is using SSL, that it’s a correct url and not pointing at something malicious, etc, etc, etc. There are a lot of manual steps you must verify using this approach, whereas using a package manager all of them get checked automatically, plus some extra checks like hundreds of people validating the content is secure.
To do apt get from an unknown repo, you first need to convince the person to execute root commands they don’t understand on their machine to add that unknown repo, if you can convice someone to run an unsafe command with root credentials then the machine is already compromised.
I get your point, random internet scripts are dangerous but random internet packages can also dangerous. But that’s a false equivalence because there are lots of safeguards to the packages in the usual way people install them, but less than 0 safeguards to the curl|bash. In a similar manner, if this was a post talking about the dangers of fireworks and how you can blow yourself up using them your answer is “but someone can plant a bomb in the mall I go to, or steal the codes for a nuclear missile and blow me up anyways”.