Not reassuring
#
Many have bemoaned the trend of installing Unix software by downloading a script from the web and piping it to the shell.
Usually people providing such installers invite users to review the source code to ensure it’s not doing anything malicious.
But not pip!
Download
get-pip.py
and execute it, using the Python interpreter of your choice:
$ curl https://raw.github.com/pypa/pip/master/contrib/get-pip.py | python
This may have to be run as root. [emphasis mine]
This is the first couple lines of get-pip.py
:
#! /usr/bin/env python sources = """ eNrsvVt7HEmWGDaSba1VuqyllSX704NzwMFmJlmVbHIusjBTzeGQ4DQ17CZFkD2aBTA1iaoEkIuq ykJmFsDq2fbn3+AnP/hX+E/5we/+7DefS9wjMqtAcnalT5r9tonKjDwRceLEiXNOnMv/+ve/v/5B 8v6frMpVNq+meVtWy+b67737d3/2gx/s7e29ko+i28uiLqLbIppX1VV0XtXRtFqelxfNMCqXTZvP
Not reassuring.