SUPERCILEX / fuc

Modern, performance focused unix commands
Apache License 2.0
340 stars 8 forks

Add installation instruction to README.md #10

Closed NobodyXu closed 1 year ago

NobodyXu commented 1 year ago

According to #7, rmz and cpz require a nightly compiler to build. Since nightly can sometimes break code and it requires users to type cargo +nightly install rmz cpz, I propose that we let them use cargo-binstall to download the GitHub release artifacts instead.

P.S. I am one of the maintainers of cargo-binstall

SUPERCILEX commented 1 year ago

Thanks! Unfortunately I think my answer is going to have to be no. Here's my thinking:

The download-a-binary vs cargo ecosystems target different audiences IMO: the download-a-binary people don't want to have to install anything. Some people even want to be free of libc. Telling people to install cargo, install binstall, and then use that to download the binary seems odd to me. Now if people already have binstall setup, then of course they can use it to skip compilation, but they should know that without needing a README entry. I think you could also argue that the cargo people want local compilation so they don't have to trust the releases page to not have malicious binaries. I could very easily compile a malicious version on my machine, delete the CI uploaded one, and upload mine. Using cargo install prevents that to the extent that you trust the source code and compiler to not be compromised.

NobodyXu commented 1 year ago

Telling people to install cargo, install binstall, and then use that to download the binary seems odd to me.

Ehhh cargo-binstall also has pre-built binaries and has clear instructions on how to install them.

I think you could also argue that the cargo people want local compilation so they don't have to trust the releases page to not have malicious binaries.

If they don't trust your release artifacts, then they should not use your software at all, since the easiest way to add backdoors would be to modify the software.

cargo install prevents that to the extent that you trust the source code and compiler to not be compromised.

No, it does not. Unless they run rmz and cpz in a sandbox (e.g. with firejail), they already trust your code by downloading your software.

SUPERCILEX commented 1 year ago

Ehhh cargo-binstall also has pre-built binaries and has clear instructions on how to install them.

I mean true, but that's an extra unnecessary step. People who use binstall will already know they can cargo binstall instead of cargo install so I don't see how the readme entry adds value from a "how do I install this thing" perspective.

they already trust your code by downloading your software

Right, my point was that if they trust the source code that's on crates.io (and the compiler), they're good. However, downloading a binary from the releases page requires them to trust me personally, because what's in the binary can be completely different from the source code on GitHub.


I'm gonna leave things as is for now. Thanks for the suggestion though.
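The thread above turns on one point: a release asset can be replaced by anyone with write access to the release, and nothing on the releases page itself tells a downloader that this happened. The script below is an added example, not code from the fuc project, cargo-binstall, or either participant. It checks a downloaded artifact against a SHA-256 value that must come from somewhere the release page's editor cannot also rewrite (a hash you pinned when the asset was first published, or the hash of a build you reproduced from the tagged source), and refuses artifacts that mismatch or were never pinned. The file names, directory layout, and artifact contents are all constructed stand-ins, not real fuc binaries.

```shell
#!/bin/sh
# Added example, not code from the fuc project or from this thread.
# Checks a downloaded release artifact against a SHA-256 value that was
# obtained through an independent channel, so that a binary swapped on the
# releases page is rejected instead of silently installed.
# Every file used below is constructed in a temporary directory.
set -eu

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Portable SHA-256: GNU coreutils sha256sum, or shasum on BSD/macOS.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_artifact FILE SUMS_FILE
#   SUMS_FILE uses the "<hex>  <name>" layout written by sha256sum and is
#   assumed to come from somewhere the party who can rewrite the release
#   assets cannot also rewrite (a hash you pinned earlier, or a build you
#   reproduced yourself), never from the same release page as FILE.
#   Exit status: 0 match, 1 mismatch, 2 no pinned hash for FILE's name.
verify_artifact() {
    file=$1
    sums=$2
    name=$(basename "$file")
    expected=$(awk -v n="$name" '$2 == n { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no pinned hash for $name, refusing to trust it" >&2
        return 2
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name matches pinned hash"
        return 0
    fi
    echo "MISMATCH: $name expected $expected got $actual" >&2
    return 1
}

# --- constructed demonstration data (stand-ins for real binaries) ---
# The artifact as CI uploaded it, and the hash pinned at that time.
mkdir "$demo_dir/ci"
printf 'ci-built rmz binary\n' > "$demo_dir/ci/rmz"
printf '%s  rmz\n' "$(sha256_of "$demo_dir/ci/rmz")" > "$demo_dir/SHA256SUMS.pinned"

# The same asset name after someone with release access replaced the file.
mkdir "$demo_dir/swapped"
printf 'locally rebuilt rmz with extra behaviour\n' > "$demo_dir/swapped/rmz"

# A second asset for which nothing was ever pinned.
printf 'ci-built cpz binary\n' > "$demo_dir/ci/cpz"

demo_good()     { verify_artifact "$demo_dir/ci/rmz"      "$demo_dir/SHA256SUMS.pinned"; }
demo_tampered() { verify_artifact "$demo_dir/swapped/rmz" "$demo_dir/SHA256SUMS.pinned"; }
demo_unpinned() { verify_artifact "$demo_dir/ci/cpz"      "$demo_dir/SHA256SUMS.pinned"; }

# Stand-alone run: the rejections are expected, so keep set -e from aborting on them.
demo_good
demo_tampered || echo "(tampered artifact rejected, status $?)"
demo_unpinned || echo "(unpinned artifact rejected, status $?)"
```

The check is only as strong as the channel the pinned hash came from: a SHA256SUMS file sitting next to the binary on the same release page can be rewritten by the same person who rewrote the binary, which is exactly the scenario described in the thread. Reproducing the build from the tagged source and comparing hashes is what turns "trust the maintainer" into "trust the source and the compiler", the distinction the thread draws for cargo install.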