Why?

Is it the best out there? No. But it does work, and it provides me with updates for my tools.

Random curl scripts don't auto-update.

Me downloading executables and dropping them in /bin, /sbin, /usr/bin or wherever I'm supposed to drop them [0] also isn't secure.

[0] https://news.ycombinator.com/item?id=46487921

Also, I find it is usually better to follow up with something like:

'It's better to use Y instead of X BECAUSE of reasons O, P, Q, R & S' vs making a blanket statement like 'Don't use X, use this other insecure solution instead', as that way I get to learn something too.

I use mise to update binaries. Especially TUIs that are not on the arch repos. It supports several backends, from cargo crates to GitHub releases, to uv for python and so on.

So one doesn't really need homebrew that has Linux as third class citizen (with the 2nd class empty)

What's the problem with Homebrew?

> It's better to simply point at the binaries directly.

Binaries aren't at all signed and can be malicious and do dangerous things.

Especially if it's using curl | bash to install binaries.

Are you using Homebrew on Linux? Genuinely curious - I never met a Linux user doing that.

Brew actually works very nicely for Linux and is a useful method to enable package management of cli tools/libraries at the user level.

It's also widely accepted as one of the tools of choice for package persistence on immutable distros (distrobox/toolbox is also another approach):

https://docs.projectbluefin.io/bluefin-dx/

Also, for example I use it for package management for KASM workspaces:

https://gist.github.com/jgbrwn/28645fcf4ac5a4176f715a6f9b170...

Linuxbrew is absolutely fantastic. No need to mess with apt repositories and can keep custom binaries separate from the os. Almost everything is there, and it just works.

At least one other person also does:

> as long as I have a basic Linux environment, Homebrew, and Steam

https://xeiaso.net/blog/2025/yotld/ (An year of the Linux Desktop)

I guess some post-macOS users might bring it with them when moving. If it works :shrug:

I had some issues with brew breaking up my system and pkg-config.

It is a bit hard to know what the issue is here.

But on average brew is much more safer than downloading a binary from the ether where we don't know what it does.

I see more tools use the curl | bash install pattern as well, which is completely insecure and very vulnerable to machines.

Looks like the best way to install these tools is to build it yourself, i.e. make install, etc.

>the best way to install these tools is to build it yourself, i.e. make install, etc.

And you're fully auditing the source code before you run make, right? I don't know anyone who does, but you're handing over just as much control as with curl|bash from the developer's site, or brew install, you're just adding more steps...

> And you're fully auditing the source code before you run make.

I mean you can?

But that is the whole point when the source is available, it is easier to audit, rather than binaries.

Even with brew, the brew maintainers have already audited the code, and it the source to install and even install using --HEAD is hosted on brew's CDN.

>Even with brew, the brew maintainers have already audited the code

Realistically, how much are they auditing? I absolutely agree with your sentiment that it's better than a binary, but I think the whole security model we have is far too trusting because of the historically overwhelming number of good-faith actors in our area both in industry and hobbyists

Also don't use Homebrew on MacOS because it screws around in /usr/local and still hasn't worked out how root is supposed to work.

Use Macports, it's tidy, installs into /opt/macports, works with Apple's frameworks and language configuration (for python, java etc), builds from upstream sources + patches, has variants to add/remove features, supports "port select" to have multiple versions installed in parallel.

Just a better solution all around.

Nice, download a random binary off the internet and give it your AWS credentials.

Please people, inspect the source to your tools, or don't use them on production accounts.

How did you install homebrew?

Comes with my district (bazzite). It’s a preferred solution for that distro in particular because it is convenient for immutable Linux.

https://docs.bazzite.gg/Installing_and_Managing_Software/

> Please people, inspect the source to your tools, or don't use them on production accounts.

This is not realistic. Approximately nobody installing AWS cli has reviewed its code.

Official AWS cli from AWS is a bit different than "random binary off the internet"?

As a user of immutable Linux (bazzite), I suggest speaking for yourself and not for others.

On my platform, Homebrew is a preferred method for installing CLI tools. I also personally happen to like it better on Linux than Mac (it seems faster/better).

https://docs.bazzite.gg/Installing_and_Managing_Software/

What’s the issue with homebrew?

It’s specifically a Mac workaround package manager. There’s better/cleaner ways to do it on Linux.

I love Debian's stability, but I rely on Homebrew (instead of apt) to get more recent releases of software. Overall it works swimmingly!

Don't let the beer emoji in the program's output fool you: unlike most Linux package managers, Homebrew has undergone a professional security audit, and is used (along with Flatpak and Ostree) by Secureblue.

Unless you have immutable Linux where Homebrew is a preferred method of CLI tool installation.

https://docs.bazzite.gg/Installing_and_Managing_Software/

Linux is just a kernel, not everyone agrees on what is “better” and “cleaner” to use with it!

What's wrong with Brew?

What is the error? We can continue on github, I can do my best