-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Homebrew isn't secure #467
Comments
That is a great point: Homebrew's security posture and risk should be better qualified and the current statement does not offer much assurance. Running any third party software is not without its risks and Homebrew is certainly no exception. Let's find a way to objectively explain what those risks are, for example by referencing that article, especially keeping in mind some of the software is running with privileges. As always, specific examples will help demonstrate the value of spending time to secure something. Would you like to start a PR and we can collaborate on some ideas together? Some of the brew programs' functionality is quite useful even in spite of risk, so I hesitate removing them, but let's identify the details as we go. |
Done. |
This sentence is misleading as using TLS doesn't mean anything about the programs (Homebrew) own security. Using TLS is the bare minimum and should be default anyway.
From https://sector7.computest.nl/post/2024-04-bringing-process-injection-into-view-exploiting-all-macos-apps-using-nib-files/
Your Guide uses a lot the "brew" command so just removing the Homebew part will break these too and I'm sure you want a replacement or even none change at all.
A security guide shouldn't recommend such a program which itself is a security nightmare.
The text was updated successfully, but these errors were encountered: