>http://brew.sh/ the home site shows a simple wget example for homebrew formulae... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

jjn2009 on Nov 23, 2016 | parent | context | favorite | on: A practical guide to securing macOS

>http://brew.sh/ the home site shows a simple wget example for homebrew formulae

the chain of trust is solid up until make and configure happen, at that point any number of things could happen so it's a question of whether or not you trust whatever scripts its running.

unless homebrew has some sort of enforcement on what that script can do it could do anything. This is why its a really good thing that homebrew does not require root.

mikemcquaid on Nov 24, 2016 [–]

> unless homebrew has some sort of enforcement on what that script can do

Anything from our Homebrew/core (i.e. wget) uses the macOS sandbox to prevent writes outside of permitted locations.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact