Over the next few days, Homebrew’s repositories will begin to transition from PGP-based signing to SSH-based signing for @BrewTestBot commits.| Homebrew
Homebrew is pleased to congratulate Workbrew on their 1.0 launch today. Workbrew is a company founded by several Homebrew members and the Project Leader, @MikeMcQuaid, to use Homebrew as the foundation of a secure software delivery platform. Workbrew’s product is out of beta and ready to solve your workplace’s problems with securing Homebrew at scale, so go check it out!| Homebrew
Today, I’d like to announce Homebrew 4.4.0. The most significant changes since 4.3.0 are official macOS Sequoia (15) support, INSTALL_RECEIPT.json files for casks, macOS Monterey (12) deprecation and various other deprecations.| Homebrew
Homebrew had a security audit performed in 2023. This audit was funded by the Open Technology Fund and conducted by Trail of Bits. Trail of Bits’ report contained 25 items, of which 16 were fixed, 3 are in progress, and 6 are acknowledged by Homebrew’s maintainers. Below is the scope of testing, findings by severity, and mitigation and acknowledgements.| Homebrew
The Homebrew Summer 2024 Hackathon brought together maintainers from across the globe to focus on enhancing security and performance aspects of Homebrew. Held July 16 to July 20 and hosted at IndyHall in Philadelphia, the event aimed to address issues identified in last year’s security audit from Trail of Bits, and to optimize the software’s performance. This post will share outcomes from the event, evaluate the effectiveness of the gathering, and serve as a blueprint for other open sourc...| Homebrew
This article is also posted in Japanese: https://blog.ryotak.net/post/homebrew-security-incident/ (If you can read Japanese, I recommend reading the Japanese article, because the author is not that good at English.) (Official blog post about this incident is available here: https://brew.sh/2021/04/21/security-incident-disclosure/) Preface Homebrew project is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to...| blog.ryotak.net