

The Heroku Toolbelt - pearkes
http://toolbelt.heroku.com/

======
LeafStorm
The Linux version of this is horribly wrong in so many ways. For one, you're
downloading a shell script and running it with root privileges. A shell script
that loads someone else's key into your system's database of trusted package
signing keys, and then installs a package that can do just about anything to
your system, including `rm -rf /*`.

And beyond the immediate security issues, this tramples both on the system git
packages (because I doubt that Heroku uses so many advanced git features that
they need the latest version) and on however you or your distro use RubyGems.
Really, it would be far better to link to a page that tells you:

    
    
        sudo apt-get install git-core rubygems
        sudo gem install heroku foreman

~~~
ddollar
Thanks for the feedback!

We made the script a link so you could check out what's going on before
running it.

The heroku-toolbelt .deb actually depends on system git-core and ruby1.9.1 so
we shouldn't be trampling anything.

~~~
LeafStorm
Which is better than most people who just say "curl <http://shortened.url/> |
sudo sh", but inspecting the script doesn't really reveal much about what
actually happens during the _install_. It basically just says, "We're adding
this repo to your system, you'll just have to install heroku-toolbelt and see
what happens!"

------
peregrine
How is this different then the gem? Is it just a package of the gem?

~~~
technomancy
It's primarily intended for folks who don't come from a Ruby background and
prefer their OS-native installation methods to rubygems. If you're happy using
the gem, carry on.

~~~
fingerprinter
I personally use RVM and gems, but like this approach for other people that
haven't gone that way.

But instead of a shell script, can we get heroku-toolbelt into Ubuntu Software
Center? Linux devs are pretty particular with what they run at the
shell...know your audience and all.

~~~
technomancy
Debian packaging has the widest reach by far, and rolling our own repo is
something we have control over, so it makes the most sense as a first step. We
may consider a PPA or possibly even submitting it for inclusion into something
like Ubuntu universe at some point in the future.

------
Jd
This should probably be called the Heroku OS X Client, rather than giving it a
new name (i.e. "Toolbelt") and implying that it is something new.

