
What a bizarre packaging choice: a bash/curl command to pull a shell script, which pulls and compiles a GitHub project, which compiles and installs a TextMate plugin.

Yikes.



1) This installs the EGOTextMateFullScreen plugin (https://github.com/enormego/EGOTextMateFullScreen). I didn't write it, and the author didn't put a package out.

2) URL shortening? I didn't have time to write the CSS to format my code on the page. The long links break the layout.

3) How does it matter how it's done as long as it works, especially when I spent more time responding to your comment than writing that script?


> How does it matter how it's done as long as it works

Executing unknown scripts hiding behind obfuscated URLs is generally not considered a good idea.

Given that this is a very non-standard and decidedly odd way of distributing a TextMate plug-in, a large degree of skepticism is warranted.


I also was skeptical. A quick read of the contents of the shortened URLs reveals nothing nefarious, however.


Did you read the contents in your standard web browser, like I did? What if it sent back a different set of commands if the user agent matched that of cURL?


Well, you're still free to curl the contents of the URL into a standard text file, and view it with the text editor of your choice (maybe even TextMate!).
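The two comments above describe the check a careful user would do before running a fetched installer: get the script with curl's own User-Agent as well as a browser's, compare what the server sent, and read the saved copy in an editor instead of piping it into bash. This is an added example, not code from the thread or from the plugin author; the URL, User-Agent strings and the stand-in server are assumptions.

```python
import hashlib
import urllib.request

# Assumed User-Agent strings: a typical curl UA and a generic browser UA.
USER_AGENTS = {
    "curl": "curl/7.64.1",
    "browser": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
}

def http_fetch(url, user_agent):
    """Real fetcher: GET the URL with the given User-Agent header."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read()

def compare_variants(url, fetch=http_fetch, agents=USER_AGENTS):
    """Fetch `url` once per user agent and hash each body.

    Returns per-agent SHA-256 digests and a `consistent` flag that is False
    when any two agents received different bytes: the case the thread
    worries about, a script that looks harmless in a browser but serves
    other commands to curl."""
    bodies = {name: fetch(url, ua) for name, ua in agents.items()}
    digests = {name: hashlib.sha256(b).hexdigest() for name, b in bodies.items()}
    return {"digests": digests, "bodies": bodies,
            "consistent": len(set(digests.values())) == 1}

def save_for_review(result, path):
    """Write the body curl would receive to `path` so it can be read in an
    editor first, instead of being piped straight into bash."""
    with open(path, "wb") as fh:
        fh.write(result["bodies"]["curl"])
    return path

# Constructed stand-in for a server (no network): the same script for a
# browser, but an extra line appended when the User-Agent looks like curl.
_FAKE_SCRIPT = b"#!/bin/sh\ngit clone https://example.invalid/plugin.git\n"

def fake_fetch(url, user_agent):
    if user_agent.startswith("curl/"):
        return _FAKE_SCRIPT + b"echo 'only curl sees this line'\n"
    return _FAKE_SCRIPT

if __name__ == "__main__":
    r = compare_variants("https://example.invalid/install.sh", fetch=fake_fetch)
    print("consistent across user agents:", r["consistent"])
```

Against a real URL, call `compare_variants(url)` with the default `http_fetch`; a `consistent` value of True only means the two user agents saw the same bytes, so the saved file still needs to be read before anything is executed.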


Updated the blog post


What matters is that it's a terrible hack. Even ignoring the security concerns with "install this completely untrusted code from the internet": there's no way to cleanly recover/uninstall if something breaks; there's no way to tell what version you have (not even in theory, as this clones HEAD!).

Most importantly, there's no chain of authority here. In the Linux world, for example, your packages generally come from the distro and are signed. Down a layer, they might come from a third party repo (rpmfusion, say), which is still a large organization with high visibility and good auditing. Down farther still, there are tools like Launchpad or openSUSE's OBS which allow you to build installable packages of your own, but these are still distributed out of a managed infrastructure and your identity is reasonably tracked. Finally at the bottom are the people ("developers") who like to pull raw source code and compile it. These people are expected to be communicating as part of a project, so they can be warned about compatibility goofs or (goodness forbid) the occasional malware incident.

This "pull and install automatically" gives you the ease of use of the top level, but an even weaker promise of authority than even the bottom level. That's a bad thing.


I hate it when people do this.

If you look at the script it's only three freaking commands, one of them a git clone.

We're not bumbling idiots who can't type (or copy & paste) into a terminal.


rvm and pow.cx also do this.


That's a little different, pow.cx and rvm are running installer scripts to get other scripts into place on your system and add them to your .bash_profile.

This is having you run through a bunch of rigmarole to download and compile source for a plugin, and then triggering TextMate to install said plugin, when you could achieve the same effect by distributing the binary plug-in and having the user double-click it.


Don't forget the 'j.mp' URL shortener!



