| ▲ | politelemon 3 days ago |
| Please don't use or suggest using homebrew as a Linux installation solution. It's better to simply point at the binaries directly. |
|
| ▲ | OptionOfT 3 days ago | parent | next [-] |
| Why? Is it the best out there? No. But it does work, and it provides me with updates for my tools. Random curl scripts don't auto-update. Me downloading executables and dropping them in /bin, /sbin, /usr/bin or wherever I'm supposed to drop them [0] also isn't secure. |
| [0] https://news.ycombinator.com/item?id=46487921 |
| Also, I find it is usually better to follow up with something like: 'It's better to use Y instead of X BECAUSE of reasons O, P, Q, R & S' vs making a blanket statement like 'Don't use X, use this other insecure solution instead', as that way I get to learn something too. |
| |
| ▲ | rodrigodlu 3 days ago | parent [-] |
| I use mise to update binaries. Especially TUIs that are not on the arch repos. It supports several backends, from cargo crates to GitHub releases, to uv for python and so on. So one doesn't really need homebrew that has Linux as third class citizen (with the 2nd class empty) |
|
| ▲ | colesantiago 3 days ago | parent | prev | next [-] |
| What's the problem with Homebrew? |
| > It's better to simply point at the binaries directly. |
| Binaries aren't at all signed and can be malicious and do dangerous things. Especially if it's using curl | bash to install binaries. |
| |
| ▲ | yoavm 3 days ago | parent | next [-] |
| Are you using Homebrew on Linux? Genuinely curious - I never met a Linux user doing that. |
| ▲ | -mlv 3 days ago | parent | prev [-] |
| I had some issues with brew breaking up my system and pkg-config. |
| ▲ | colesantiago 3 days ago | parent [-] |
| It is a bit hard to know what the issue is here. But on average brew is much safer than downloading a binary from the ether where we don't know what it does. I see more tools use the curl | bash install pattern as well, which is completely insecure and very vulnerable to machines. Looks like the best way to install these tools is to build it yourself, i.e. make install, etc. |
| ▲ | garblegarble 3 days ago | parent [-] |
| > the best way to install these tools is to build it yourself, i.e. make install, etc. |
| And you're fully auditing the source code before you run make, right? I don't know anyone who does, but you're handing over just as much control as with curl|bash from the developer's site, or brew install, you're just adding more steps... |
| ▲ | colesantiago 3 days ago | parent [-] |
| > And you're fully auditing the source code before you run make. |
| I mean you can? But that is the whole point when the source is available, it is easier to audit, rather than binaries. Even with brew, the brew maintainers have already audited the code, and it the source to install and even install using --HEAD is hosted on brew's CDN. |
| ▲ | garblegarble a day ago | parent [-] |
| > Even with brew, the brew maintainers have already audited the code |
| Realistically, how much are they auditing? I absolutely agree with your sentiment that it's better than a binary, but I think the whole security model we have is far too trusting because of the historically overwhelming number of good-faith actors in our area both in industry and hobbyists |
|
| ▲ | rswail 3 days ago | parent | prev | next [-] |
| Also don't use Homebrew on MacOS because it screws around in /usr/local and still hasn't worked out how root is supposed to work. Use Macports, it's tidy, installs into /opt/macports, works with Apple's frameworks and language configuration (for python, java etc), builds from upstream sources + patches, has variants to add/remove features, supports "port select" to have multiple versions installed in parallel. Just a better solution all around. |
|
| ▲ | yarekt 3 days ago | parent | prev | next [-] |
| Nice, download a random binary off the internet and give it your AWS credentials. Please people, inspect the source to your tools, or don't use them on production accounts. |
| |
| ▲ | thejazzman 3 days ago | parent | next [-] |
| How did you install homebrew? |
| ▲ | viraptor 3 days ago | parent | prev [-] |
| > Please people, inspect the source to your tools, or don't use them on production accounts. |
| This is not realistic. Approximately nobody installing AWS cli has reviewed its code. |
| ▲ | johntash 3 days ago | parent [-] |
| Official AWS cli from AWS is a bit different than "random binary off the internet"? |
|
| ▲ | dangus 3 days ago | parent | prev | next [-] |
| As a user of immutable Linux (bazzite), I suggest speaking for yourself and not for others. On my platform, Homebrew is a preferred method for installing CLI tools. I also personally happen to like it better on Linux than Mac (it seems faster/better). https://docs.bazzite.gg/Installing_and_Managing_Software/ |
|
| ▲ | frenzcan 3 days ago | parent | prev | next [-] |
| What’s the issue with homebrew? |
| |
| ▲ | astrea 3 days ago | parent [-] |
| It’s specifically a Mac workaround package manager. There’s better/cleaner ways to do it on Linux. |
| ▲ | bbkane 3 days ago | parent | next [-] |
| I love Debian's stability, but I rely on Homebrew (instead of apt) to get more recent releases of software. Overall it works swimmingly! |
| ▲ | dangus 3 days ago | parent | prev | next [-] |
| Unless you have immutable Linux where Homebrew is a preferred method of CLI tool installation. https://docs.bazzite.gg/Installing_and_Managing_Software/ Linux is just a kernel, not everyone agrees on what is “better” and “cleaner” to use with it! |
| ▲ | hollerith 20 hours ago | parent | prev [-] |
| Don't let the beer emoji in the program's output fool you: unlike most Linux package managers, Homebrew has undergone a professional security audit, and is used (along with Flatpak and Ostree) by Secureblue. |
|
| ▲ | jbreckmckye 3 days ago | parent | prev | next [-] |
| What's wrong with Brew? |
| |
|
| ▲ | purerandomness 3 days ago | parent | prev [-] |
| brew is for users of non-Arch distros who want to experience what using Arch feels like. |