Those instructions are from the official docs, and install.sh comes from the source repo.
It’s an annoying script (it basically runs apt, npm, make, on your behalf…thanks, I can do that myself), but if you’re trusting the repo source to begin with, I don’t think it’s any less secure.
What’s the alternative to doing this? Is it safer to read the script first and then execute it as
sh ./install.sh
?Read the official docs to build from source.
Those instructions are from the official docs, and install.sh comes from the source repo. It’s an annoying script (it basically runs apt, npm, make, on your behalf…thanks, I can do that myself), but if you’re trusting the repo source to begin with, I don’t think it’s any less secure.