When I use apt-get I am downloading from debian.org, where at least there will be a record of what was executed. Further, I trust debian.org more than some random github repo.
When I use curl|sh, I could execute hidden text, e.g. through a Javascript command, which automatically executes the code and then deletes it from my history. At a future date, there is no way for me to know whether something malicious was executed, since the website may remove the malicious code when they get called out.
When I use curl|sh, I could execute hidden text, e.g. through a Javascript command, which automatically executes the code and then deletes it from my history. At a future date, there is no way for me to know whether something malicious was executed, since the website may remove the malicious code when they get called out.