-
-
Notifications
You must be signed in to change notification settings - Fork 9.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow hooks for submitting brew fetch
to third-parties
#16619
Comments
I don't think we should be using archive.org to cache every tarball we put through CI just in case this occurs again. Whether or not they explicitly forbid it, it seems like a gross misuse of resources.
What would this solve? I've seen nothing but false positives from these tools interactions with Homebrew over the years. It also does nothing to catch e.g. someone who pushes a (new) bitcoin miner or personal information uploader.
It seems we have this already with storing checksums in formulae? To be clear: I think there may well be problems here worth addressing: I just don't think the proposed solutions are the right one or that it's best to jump to a solution without a wider understanding of the problem. |
Passing on this for now. Will still consider a PR but it seems that it's not widely demanded functionality. |
Verification
brew install wget
. If they do, open an issue at https://github.com/Homebrew/homebrew-core/issues/new/choose instead.Provide a detailed description of the proposed feature
Allow a user to opt in to hooks on
brew fetch
usage. Something likeHOMEBREW_FETCH_HOOKS=archive-org,virustotal
What is the motivation for the feature?
Issues like Homebrew/homebrew-core#162013 would benefit from access to the tarbal from the last time the formula went through CI. That would make it much easier to see what changed and rule it problematic or not.
How will the feature be relevant to at least 90% of Homebrew users?
It would allow people to:
What alternatives to the feature have been considered?
None
The text was updated successfully, but these errors were encountered: