Comment by colesantiago

3 days ago

What's the problem with Homebrew?

> It's better to simply point at the binaries directly.

Binaries aren't at all signed and can be malicious and do dangerous things.

Especially if it's using curl | bash to install binaries.

Are you using Homebrew on Linux? Genuinely curious - I never met a Linux user doing that.

I had some issues with brew breaking up my system and pkg-config.

  • It is a bit hard to know what the issue is here.

    But on average brew is much safer than downloading a binary from the ether where we don't know what it does.

    I see more tools use the curl | bash install pattern as well, which is completely insecure and very vulnerable to machines.

    Looks like the best way to install these tools is to build it yourself, i.e. make install, etc.

    • > the best way to install these tools is to build it yourself, i.e. make install, etc.

      And you're fully auditing the source code before you run make, right? I don't know anyone who does, but you're handing over just as much control as with curl|bash from the developer's site, or brew install, you're just adding more steps...
