recursion

Many have bemoaned the trend of installing Unix software by downloading a script from the web and piping it to the shell.

Usually people providing such installers invite users to review the source code to ensure it’s not doing anything malicious.

But not pip!

Download get-pip.py and execute it, using the Python interpreter of your choice:

$ curl https://raw.github.com/pypa/pip/master/contrib/get-pip.py | python

This may have to be run as root. [emphasis mine]

This is the first couple lines of get-pip.py:

#! /usr/bin/env python

sources = """
eNrsvVt7HEmWGDaSba1VuqyllSX704NzwMFmJlmVbHIusjBTzeGQ4DQ17CZFkD2aBTA1iaoEkIuq
ykJmFsDq2fbn3+AnP/hX+E/5we/+7DefS9wjMqtAcnalT5r9tonKjDwRceLEiXNOnMv/+ve/v/5B
8v6frMpVNq+meVtWy+b67737d3/2gx/s7e29ko+i28uiLqLbIppX1VV0XtXRtFqelxfNMCqXTZvP

Not reassuring.