And with that response, I hope you and your project are very happy together and wish you the best of luck.

not my project, but thank you nonetheless

I think he might be trying to point out the fact that it ought to point you to your package manager, and not some dodgy shell script.

In that case, maybe they should have said so explicitly?

I don't feel like I should have to be telepathic to understand what commenters are trying to say.

Rhetorical question: If they don't trust the project why would they trust binaries through a package manager.

I am sure the authors provide those shell scripts to ease the burden of installation for users so dragging them down into being "dodgy" is really really unfriendly.