Homebrew 6.0: explicit trust for the developer supply chain
Homebrew 6.0 brings tap trust, a Linux sandbox, brew vulns, and Brewfile improvements. Laptops and CI should be counted as supply chain surface.
Supply-chain read
Risk: approval fatigue and broken bootstrap scripts. For teams that use only official taps, the change is less visible.
What happened
Homebrew 6.0.0 was released on 11 June 2026 with tap trust, a default JSON API, Linux sandboxing, brew bundle improvements, performance improvements, and macOS 27 support.
Why it matters
A tap can contain formulae, casks, and commands. A third-party tap can run Ruby, so trust should be a team policy.
Community signal
The community signal shows friction around the Intel Mac timeline and the trust UX. Uninstall and cleanup show that the trust decision applies to the entire lifecycle.
Checklist
Checklist: brew tap inventory, specific trust, Brewfile review, CI prompt test, periodic brew vulns.
Team policy map
| Area | Decision | Why |
|---|---|---|
| Taps | Official, internal, or third-party | A tap can execute code on developer machines. |
| Brewfile | Reviewed environment state | Bootstrap is part of supply chain control. |
| Linux CI | Sandbox canary | Source builds may assume filesystem or network access. |
| Audit | brew vulns plus scanner policy | Workstation risk needs a lightweight signal. |
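The Taps and Brewfile rows above can be checked mechanically during Brewfile review. The following is an added example, not Homebrew's own code: it lists every tap a Brewfile references, including taps named only through a fully qualified formula or cask, and sorts them into official, internal, or third-party. The `example-corp/` internal prefix and the sample Brewfile are constructed assumptions.

```ruby
# Added example: classify every tap a Brewfile references against team policy.
OFFICIAL = %w[homebrew/core homebrew/cask].freeze
# Hypothetical allowlist of internal tap prefixes ("example-corp" is constructed).
INTERNAL_PREFIXES = %w[example-corp/].freeze

# tap "user/repo"  or  tap "user/repo", "https://custom/remote.git"
TAP_RE = /\A\s*tap\s+["']([^"']+)["'](?:\s*,\s*["']([^"']+)["'])?/
# brew "user/repo/formula" or cask "user/repo/cask": the name itself names a tap
QUALIFIED_RE = %r{\A\s*(?:brew|cask)\s+["']([^"'/\s]+/[^"'/\s]+)/[^"'/\s]+["']}

# Constructed sample Brewfile, embedded so the script runs offline.
SAMPLE_BREWFILE = <<~BREWFILE
  # team bootstrap
  tap "example-corp/tools"
  tap "someuser/utils", "https://git.example.net/someuser/utils.git"
  brew "jq"
  brew "otheruser/extras/widget"   # fully qualified name, no tap line
  cask "example-corp/tools/vpn-client"
BREWFILE

def classify_tap(tap)
  name = tap.downcase
  return :official if OFFICIAL.include?(name)
  return :internal if INTERNAL_PREFIXES.any? { |prefix| name.start_with?(prefix) }
  :third_party
end

# One entry per distinct tap: Brewfile line numbers, custom remote URL, class.
def tap_inventory(brewfile_text)
  taps = {}
  brewfile_text.each_line.with_index(1) do |line, lineno|
    m = line.match(TAP_RE) || line.match(QUALIFIED_RE)
    next unless m
    entry = (taps[m[1].downcase] ||= { lines: [], url: nil })
    entry[:lines] << lineno
    entry[:url] ||= m[2] # only tap lines carry a second capture group
  end
  taps.map { |name, e| e.merge(tap: name, kind: classify_tap(name)) }
end

# Third-party taps and any tap pinned to a custom remote need a human decision.
def needs_review(brewfile_text)
  tap_inventory(brewfile_text).select { |t| t[:kind] == :third_party || t[:url] }
end

if __FILE__ == $PROGRAM_NAME
  tap_inventory(SAMPLE_BREWFILE).each do |t|
    puts format("%-12s %-20s lines=%s url=%s", t[:kind], t[:tap], t[:lines].join(","), t[:url] || "-")
  end
end
```

Running the same classification over the output of `brew tap` on a workstation gives the installed-tap side of the inventory.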