> five minutes to set up a LetsEncrypt certificate
Did you read the LE client source code? Did you verify or set up so that files and directories are with least privilege? All that in five minutes?
Or are you suggesting that the Pharo webmaster git clones certbot onto their web server system and just runs the commands according to the LE getting started guide? That's not a qualitative step-up from "curl ... | bash".
I use acme-tiny. It's a nice short Python script that mostly shells out to OpenSSL. I went through the source code rather carefully, tested it, and then mucked around with file/directory permissions when using it for real. Took me like 12 minutes at least.
I'm kidding about the 12 minutes part, obviously. :-D
There's no excuse not to.
Even better: have the developers agree on a set of GPG signatures to sign their builds with. A bit more complicated...