> Even in that case, my suggestion would be that we just run it in our own CI and block package release. I agree. > open source security scanner that runs on all Homebrew packages and requires a cooldown. I think that…
Glad to see that Homebrew is taking security seriously. Still, I want to minimize the number of parties who can quickly get new code onto my machine. Your doc says "Human review of each release." What does that actually…
Thanks for the update. Is there any chance we can get some kind of cooldown mechanism in Homebrew? The only people I want to trust to quickly ship new code to my machine are Apple and my browser (which handles more…
> Even in that case, my suggestion would be that we just run it in our own CI and block package release. I agree. > open source security scanner that runs on all Homebrew packages and requires a cooldown. I think that…
Glad to see that Homebrew is taking security seriously. Still, I want to minimize the number of parties who can quickly get new code onto my machine. Your doc says "Human review of each release." What does that actually…
Thanks for the update. Is there any chance we can get some kind of cooldown mechanism in Homebrew? The only people I want to trust to quickly ship new code to my machine are Apple and my browser (which handles more…