app bundles can “provide” file extension bindings that cause things to open in them. app bundles should be able to “provide” a bin/ directory that gets added (appended, not prepended!) to your PATH while you have the package available on disk + non-quarantined. I think the idea is that there should be an option to have Apple-App-Store-audited capability-manifest-sandboxed CLI apps with auto-updates, as well as untrusted, non-sandboxed CLI apps.ġ. In fact, I would argue that the other package managers that use sudo are taking the easy way out (albeit insecure). I don't think the current solution is perfect, but I do think the motivation to prevent usage of sudo is correct in terms of security. If you have a multi-user computer, you can install Homebrew to a local user folder to have isolation and not using a global location like /opt/homebrew, or you can make a special Homebrew user account (rather than using root), which is what the docs suggest ( ). Instead, Homebrew prefers to run in a user account, default to yours. (Note that /opt/homebrew is not world writable as you suggested.
Most package manager forces you to use sudo to run them as root, and I think that's much much worse in terms of security practices and encourages the wrong behaviors and potentially allowing build/install scripts to wreck havoc on your system. It does matter though? /opt/homebrew is specifically used by Homebrew, whereas /usr/local is kind of a more shared location that old Homebrew hijacked.Įither way, I think bad default folders is better than bad default security practices.
0 kommentar(er)
