You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Provide a detailed description of the proposed feature
Allow a user to opt in to hooks on brew fetch usage. Something like HOMEBREW_FETCH_HOOKS=archive-org,virustotal
What is the motivation for the feature?
Issues like Homebrew/homebrew-core#162013 would benefit from access to the tarbal from the last time the formula went through CI. That would make it much easier to see what changed and rule it problematic or not.
How will the feature be relevant to at least 90% of Homebrew users?
It would allow people to:
extract the last working version of formula sources
have brew submit casks to virustotal
easily compare a changed checksum
What alternatives to the feature have been considered?
None
The text was updated successfully, but these errors were encountered:
Issues like Homebrew/homebrew-core#162013 would benefit from access to the tarbal from the last time the formula went through CI. That would make it much easier to see what changed and rule it problematic or not.
extract the last working version of formula sources
I don't think we should be using archive.org to cache every tarball we put through CI just in case this occurs again. Whether or not they explicitly forbid it, it seems like a gross misuse of resources.
have brew submit casks to virustotal
What would this solve? I've seen nothing but false positives from these tools interactions with Homebrew over the years. It also does nothing to catch e.g. someone who pushes a (new) bitcoin miner or personal information uploader.
easily compare a changed checksum
It seems we have this already with storing checksums in formulae?
To be clear: I think there may well be problems here worth addressing: I just don't think the proposed solutions are the right one or that it's best to jump to a solution without a wider understanding of the problem.
Verification
brew install wget
. If they do, open an issue at https://github.com/Homebrew/homebrew-core/issues/new/choose instead.Provide a detailed description of the proposed feature
Allow a user to opt in to hooks on
brew fetch
usage. Something likeHOMEBREW_FETCH_HOOKS=archive-org,virustotal
What is the motivation for the feature?
Issues like Homebrew/homebrew-core#162013 would benefit from access to the tarbal from the last time the formula went through CI. That would make it much easier to see what changed and rule it problematic or not.
How will the feature be relevant to at least 90% of Homebrew users?
It would allow people to:
What alternatives to the feature have been considered?
None
The text was updated successfully, but these errors were encountered: