5.0.0
brew.sh
Today, I’d like to announce Homebrew 5.0.0. The most significant changes since 4.6.0 are download concurrency by default, official support for Linux ARM64/AArch64, timescales for deprecating macOS Intel and removing macOS Gatekeeper bypass behaviours.

Shame on you, Homebrew, for effectively killing FOSS apps from casks.

  • KoalaUnknown@lemmy.worldEnglish
    23·
    7 hours ago

    Their explanation as to why:

    --no-quarantine is used to forcibly bypass Gatekeeper, which is a built-in macOS security mechanism. This is used to run unsigned/unnotarized applications.

    macOS Tahoe is the final release to support Intel systems, and last year Apple updated macOS runtime protection to make it harder to override Gatekeeper. Macs with Apple silicon also don’t “permit native arm64 code to execute unless a valid signature is attached”. Finally, we are ending support for all casks that fail Gatekeeper checks on September 1st, 2026.

    With the above in mind, it’s time to deprecate the --no-quarantine flag from brew. It intentionally bypasses macOS security mechanisms, which we already actively discourage. Deprecating now will give a decent lead time for users using it to come up with another solution or adjust their workflows.

    • arcterus@piefed.blahaj.zoneEnglish
      11·
      6 hours ago

      Deprecating now will give a decent lead time for users using it to come up with another solution or adjust their workflows.

      The adjusted solution/workflow: use something other than homebrew

      • dreadbeef@lemmy.dbzer0.comEnglish
        1·
        32 minutes ago

        I mean, theres macports and what else? Is macports even kickin still? No other package managers other than homebrew

        • arcterus@piefed.blahaj.zoneEnglish
          7·
          4 hours ago

          By doing what homebrew currently does when you pass the --no-quarantine flag, which is call xattr.

          Note that I’d probably support removing --no-quarantine if Apple’s notarization service was free.

          • monogram@feddit.nlEnglish
            2·
            1 hour ago

            Notarisation, free (as in beer) limits your ability to run your code that (Corporate) doesn’t like, making it inherently non free (as in freedom).

            • arcterus@piefed.blahaj.zoneEnglish
              3·
              20 minutes ago

              Yes, but you can still compile the code yourself. It’s only problematic for binary distribution. This is basically a question of balancing security vs. freedom I suppose.