Joel VanderWerf wrote:

> Gavin Sinclair wrote:
> 
...
>>
>> Let's hope _why's site doesn't get hacked.  Wouldn't want to eval
>> something nasty!
> 
> 
> Dunno. Is this any worse than manually downloading a .tgz or .gem from a 
> site that may have been hacked?

Somewhat, in that you can first examine the source before running it.

I suspect that, in actual practice, most people simply trust the source.

But having a tarball also means you can re-install an earlier version if 
a newer one causes problems (assuming you keep the old one around.)

James