Hacker Newsnew | past | comments | ask | show | jobs | submit | D4AHNGM's commentslogin

If you want only that little description you can use `brew desc <formula>` as well.


Without going into the rest of your points, which seem bizarrely furious at a piece of software, nothing about Homebrew forces you to live inside `/usr/local`.

It is recommended, but if you want to run in `/opt/brew` or `~/brew` you'll get a warning some things may not work but that's it. There's no hard block, and the vast majority of core formulae can pour their bottles anywhere.


There's actually an `analytics` command that saves you even having to manually do this. `brew analytics --help` shows the options.


Thankfully, none of Homebrew's binaries are stored on GitHub.

Most of the changes committed to Homebrew are formulae-based; of the ~5600 contributors in Homebrew's lifetime only ~430 have contributed to the core code.


cocoapod's binaries are not stored in the problematic specs repository, cocoapods/specs only stores the equivalent of homebrew formulas (podspecs).


  ~/Library/Application Support/Google/Chrome/
  ~/Library/Google/GoogleSoftwareUpdate/
  ~/Library/Google/Google Chrome Brand.plist
  ~/Library/LaunchAgents/com.google.keystone.agent.plist
  ~/Library/Caches/Google
  ~/Library/Preferences/com.google.Chrome.plist
  ~/Library/Preferences/com.google.Keystone.Agent.plist
Nowhere outrageously surprising, really.


Homebrew's creator hasn't been involved with Homebrew for nearly two years now.


Not sure why you're looking at Homebrew.

If you're feeling jumpy about binary packages, just set `HOMEBREW_BUILD_FROM_SOURCE="1"` in your shell profile.

Nobody's forcing binaries onto you.


True, but I don't have all the time in the world to read the sources, either ..


Then you should not install them on a machine with confidential data at all, source or binary. It's that simple!


Certain things are still being tested/rebuilt to work with the latest GCC.

https://github.com/Homebrew/homebrew/pull/36926


Minor highlight: Debian 8 ships with an OpenSSL which has SSLv3 disabled at compile-time.


Do you mean that only TLS is supported now?


Aye. The Debian compile rules for Jessie's OpenSSL include "no-ssl2 no-ssl3 no-ssl3-method" so it's just TLS1.0 onwards available.


SSLv3 is so 1996... Please, please, please with sugar on top, use TLS only. Also there are lots of changes in the software world in the last 20 years, which the SSL codebase didn't keep up with (mainly meaning OpenSSL).


Checked Google Chrome prior to update, said it was vulnerable. Updated and now it isn't. Firefox 37 on OS X wasn't vulnerable apparently.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: