| ▲ | pxc 8 hours ago | ||||||||||||||||||||||
> Most people I know are not installing too many casks Casks are the only things Homebrew does that some other package manager available on macOS doesn't reliably do better. Nix, Pkgsrc, MacPorts, and (and now Spack) all have better fundamental designs; sane, multi-user-friendly permissions; and enough isolation from the base system that they break neither each other nor manually-installed software. I use Homebrew exclusively tucked away in isolated prefixes, only to install casks, and without ever putting any binaries it installs along the way on my PATH. I don't remember which programs it is, exactly, but I do use a few that are unsigned. It also doesn't seem to me that the signing process is as vital in determining actual risk as the curation and moderation processes involved in maintaining "third-party" software distributions like Homebrew or Debian or whatever. `--no-quarantine` in particular is one of the conveniences that makes Homebrew casks useful. If I have to give my consent anew for each app update, I might as well install the apps manually and live in the usual auto-update pop-up hell. | |||||||||||||||||||||||
| ▲ | alwillis 7 hours ago | parent | next [-] | ||||||||||||||||||||||
> Most people I know are not installing too many casks I did a wipe and install of Tahoe like 2–3 weeks ago and used a Brewfile [1] I've had for years to install ~30 casks via Homebrew, including from the App Store, not to mention 50-60 formulas. As of today, I have 44 casks. | |||||||||||||||||||||||
| |||||||||||||||||||||||
| ▲ | lilyball 7 hours ago | parent | prev | next [-] | ||||||||||||||||||||||
I haven't used Homebrew in a long time, but if I ever did it would be in the way that you describe (so far I've always found reasonable alternatives for the software I want). What I'm wondering is if this is entirely to support unsigned casks, why does Homebrew not simply resign the software itself at install time with an adhoc signature as though it had just built it? | |||||||||||||||||||||||
| ▲ | SOLAR_FIELDS 7 hours ago | parent | prev | next [-] | ||||||||||||||||||||||
Yeah, my nix-darwin config is pretty nice and perfectly hermetic and reproducible, save for a now-growing list of casks in my brew.nix that looks like this: > 1password # breaks in nix, must go in /Applications folder > softwareB # not available in nixpkgs > softwareC # available in nixpkgs, but because nixpkgs maintainers are hardline purists it takes 15 minutes to compile from source and ain't nobody got time for that > softwareD # ostensibly available in nixpkgs, but the package is completely broken (more general case of 1password) Why not wrap the binaries yourself in flake.nix you say? Well, sure, would love to, if it wasn't such a pain in the ass to do so for each one and keep them up to date. | |||||||||||||||||||||||
| |||||||||||||||||||||||
| ▲ | zbentley 7 hours ago | parent | prev [-] | ||||||||||||||||||||||
> If I have to give my consent anew for each app update, I might as well install the apps manually and live in the usual auto-update pop-up hell. Really? That's a whole lot of UI actions/clicks (and a variable number per .app) versus ... I think two always-the-same UI actions at most. Not like, a huge hassle either way, but I have trouble seeing how Homebrew's not still the winner here even without quarantine bypassing. | |||||||||||||||||||||||