| ▲ | devkit1 9 hours ago | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
If I understand the issue correctly, it appears that this change primarily impacts casks on macOS. In fact it looks like it may only impact casks. Casks are used to install binary packaged software, often in the form of a dmg or pkg file on macOS. Most people I know are not installing too many casks, and most of the ones I've seen install signed binaries anyway. The important thing for me with this is that it doesnt appear to impact homebrew's ability to download, compile, and install open source software. And that is the main thing I use homebrew for. I believe that is true for most people too, but I fully expect to learn very quickly if there are a bunch of taps in use by people that distribute unsigned binary installers of software for macOS. :-) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ▲ | pxc 8 hours ago | parent | next [-] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
> Most people I know are not installing too many casks Casks are the only things Homebrew does that some other package manager available on macOS doesn't reliably do better. Nix, Pkgsrc, MacPorts, and (and now Spack) all have better fundamental designs; sane, multi-user-friendly permissions; and enough isolation from the base system that they break neither each other nor manually-installed software. I use Homebrew exclusively tucked away in isolated prefixes, only to install casks, and without ever putting any binaries it installs along the way on my PATH. I don't remember which programs it is, exactly, but I do use a few that are unsigned. It also doesn't seem to me that the signing process is as vital in determining actual risk as the curation and moderation processes involved in maintaining "third-party" software distributions like Homebrew or Debian or whatever. `--no-quarantine` in particular is one of the conveniences that makes Homebrew casks useful. If I have to give my consent anew for each app update, I might as well install the apps manually and live in the usual auto-update pop-up hell. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ▲ | saghm 8 hours ago | parent | prev | next [-] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
> The important thing for me with this is that it doesnt appear to impact homebrew's ability to download, compile, and install open source software. And that is the main thing I use homebrew for. I believe that is true for most people too FWIW I don't think brew has been compiling on installation even open source things by default for a while now[1]: > Homebrew provides pre-built binary packages for many formulae. These are referred to as bottles and are available at https://github.com/Homebrew/homebrew-core/packages. The link shows close to 300 pages of precompiled packages available, and that section ends with the sentence "We aim to bottle everything". I don't think this necessarily changes anything you've stated with regards to the flag being removed as described in the Github issue linked by OP, but I think it's still worth noting because this is markedly different than how homebrew distributed things in the past, so others might not be aware of this change either. [1]: I assume the heading title for this docs section predates this change, but the docs section I'm referencing is https://docs.brew.sh/FAQ#why-do-you-compile-everything | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ▲ | shantara 7 hours ago | parent | prev | next [-] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Two popular apps mentioned in the earlier discussion in Homebrew repo are Librewolf and Freetube. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ▲ | dktalks 6 hours ago | parent | prev | next [-] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Not exactly, I have automated stuff which uses python and does rar and unrar and it's installed through brew, it is not a cask, but every time I do brew update, my code will fail to run because it was updated. This is like buying a machine and not having the ability to do whatever you want with it. Oh who are we kidding, that's what is happening anyways. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ▲ | bloppe 6 hours ago | parent | prev | next [-] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
This is a silly distinction. You can always include pre-built object files in your "source code" formula, then the build step is just linking it into an executable locally. That would bypass the quarantine attribute and effectively retain the ability to distribute pre-built binaries without gatekeeper getting involved. Seems like only a matter of time before someone at Apple realizes this and takes the necessary measures to protect you from yourself. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ▲ | guelo 8 hours ago | parent | prev [-] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
casks are mostly for GUI or other apps that need special installation like setting up background services. I've seen it used for IT laptop provisioning to automate the installation of things like Chrome, Slack, Visual Studio, from the command line. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||