document disadvantages of poetry's curl | python3 installation suggestion

linkml / linkml-project-cookiecutter

A cookiecutter for linkml projects. An equivalent of `linkml-ws new project-name`.

Creative Commons Zero v1.0 Universal

14 stars 16 forks source link

document disadvantages of poetry's curl | python3 installation suggestion #80

Closed turbomam closed 7 months ago

turbomam commented 7 months ago

security risk: takes unknown bytes from some web address and pipes them through an interpreter
loss of control regarding installation directory

I'm still inclined to use this piping installation approach, but maybe we should make this decision process more transparent, and not imply that it is globally a prudent installation method

pkalita-lbl commented 7 months ago

This project's instructions now reflect Poetry's own recommendation which is to install with pipx.