It is important to realise that you are outsourcing the security of your system to someone else if you blindly run scripts created by others.
I would advise everyone to read through the scripts first and ask the following questions:
How big is the main script and how many other scripts does that script pull in? Do you understand everything the scripts are doing?
How confident are you that there are no bugs in the script (and all the others pulled in)?
What sort of things does the script do and why? Does it do dangerous stuff like overwriting libraries on your system, changing executables, changing environment variables, and inserting stuff in your dot files that get re-run automatically every login?
Do you need to run the script with superuser permissions? And why?
How many eyes are likely to have reviewed and checked this script?
Now compare this script to other scripts that your system software uses that may be built into the system for upgrading packages etc. How many eyes have looked at those built-in scripts and what is your level of trust about them by comparison?
Before people argue with my question 3 above saying that of course such a script needs to install stuff. Answer this: Do you just download and run random scripts to install all your other software packages that your system uses?
Or do you use some sort of standardised package manager that has been audited by the security team and millions of eyes for many years where every minor change has to go through a security audit?
Finally, for the record, it is easily possible to upgrade your cardano-node software without using such customised scripts. It is even possible to get your package manager to do it for you.
You are correct. One should not blindly use someone elses script without knowing what it does first. It is not me who have made that script, but I checked what it does.
I’m simply trying to help people do a successful upgrade. But if the common consensus is that scripts should not be posted on this forum, I’m willing to remove this guide.