Maybe add entry for "what it does"?

[rugk]

Like F-Droid antifeatures maybe list what "dangerous" actions it does, or what it does in general. In one short sentence, so you can estimate the risk.

E.g. like I did in #8:

What it does: It downloads the (correct) "rustup-init" binary from https://static.rust-lang.org and executes it to install rustup and rust.

[aral]

I like the idea but I wonder about maintainability as well as ease of submitting validations. Submitting a validation should take almost no time as the person has already invested time in reviewing the script (we must respect people’s time).

That said, perhaps we can flip it on its head:

Any installation script should be doing the following:

1. Download a binary
2. Move it to a place on your path

If a script does anything else that’s out of the ordinary, we should ask people to note that.

Then again, if it’s doing something out of the ordinary and we feel we need to warn people about it, perhaps that’s no longer a validation but a warning. So perhaps what we need, in addition to validations, is a list of warnings: scripts that have been reviewed but are not recommended for installation due to <insert reasons here>.

[rugk]

And 3. (possibly) execute that binary.