Why is Homebrew Cask not the preferred method to install GUI apps?

[Jessica Lares]

Just reintroduce the idea of an installer package, not like Adobe and some others haven't been doing it this way for years. You download it, it might run by itself based on the "open safe files after downloading" option in Safari (and then throw its installer in the trash), and to remove it, About This Mac > Storage > Manage > Applications > and then click the x to delete. OS X would have a registry of what files were added at installation.

 

[posguy99]

Assuming that Caskroom manages to provide a solid and secure foundation in the future, which they currently do not,

And cannot. What you refuse to answer is *why* Cask maintainers would be trusted to not introduce malware (or anything else)?

 

[citizenrich]

Preferences:
AppStore for /Applications, then DMG/package as secondary
Homebrew for command line always
Homebrew cask as last resort

For apps that go into /Applications, I tend to use the AppStore (preference) or download the package/DMG. If the GUI needs to be in /Applications, I don't use homebrew.

If it's command line only, then it's homebrew all the way. I can't recommend it strongly enough. Btw, there may be some confusion in this thread. Cask is one of many sources for homebrew formula but, at least in my use case, every formula I need for homebrew is in homebrew core:
https://github.com/Homebrew/homebrew-core
(There's only one exception for me, and that that is ngrok v2, which is cask only.)

Homebrew is often an available option for developer-oriented packages. Of course, there are clickable packages to easily install node, python, and golang, for example, but I prefer homebrew because it cleans up past versions easily and makes it easy to use compile flags when necessary. And, they are command line apps, so that's all homebrew for me.

FWIW, in StackOverflow, there are often recommendations to use homebrew to manage versions ( especially alongside versions like older system python) of developer packages.
[doublepost=1484111835][/doublepost]

And cannot. What you refuse to answer is *why* Cask maintainers would be trusted to not introduce malware (or anything else)?

The overall cask software is updated regularly, ie. in the last day or so as of now.
https://github.com/caskroom/homebrew-cask

Most importantly, all of the formula are open source. That's not to say that the binary that they point to could be malware, buyer beware for sure, and caution is key. But where the formula points is open for anyone to see. And, if it's something like Atom editor, the formula includes the crypto hash too.

For example:
https://github.com/caskroom/homebrew-cask/blob/master/Casks/atom.rb

 

[posguy99]

Most importantly, all of the formula are open source. That's not to say that the binary that they point to could be malware, buyer beware for sure, and caution is key. But where the formula points is open for anyone to see. And, if it's something like Atom editor, the formula includes the crypto hash too.

For example:
https://github.com/caskroom/homebrew-cask/blob/master/Casks/atom.rb

RIIIGGGHHHTTT... I'm going to take the time to look up where the formula points, make sure it's actually the developer's binary, but I'm not going to just get it from the developer. Do Linuxers ever actually listen to themselves?

I'll leave aside the idiocy of installing Atom this way. Yes, I gave you the SHA1 to my trojaned binary, but since I gave you the SHA1, it must be OK.

Cask is a solution in search of a problem.

 

[citizenrich]

RIIIGGGHHHTTT... I'm going to take the time to look up where the formula points, make sure it's actually the developer's binary, but I'm not going to just get it from the developer. Do Linuxers ever actually listen to themselves?

I'll leave aside the idiocy of installing Atom this way. Yes, I gave you the SHA1 to my trojaned binary, but since I gave you the SHA1, it must be OK.

Cask is a solution in search of a problem.

It's not clear who the Linuxers are. I agree that one should get their GUI apps from the devs or App Store, which is my practice as well. The 'idiocy'? If it wasn't clear, it was a simple explanation of how homebrew and homebrew cask are open source, not a recommendation to use cask to install GUI. I use Atom daily, and it was installed through the downloadable package from atom.io.

'Cask is a solution in search of a problem.' Indeed.

 

[theluggage]

Btw, there may be some confusion in this thread. Cask is one of many sources for homebrew formula but, at least in my use case, every formula I need for homebrew is in homebrew core:

Yes, this needs stressing.

Homebrew (or an alternative such as MacPorts or Fink) is an important tool for building, installing and version-controlling open-source *nix applications which, otherwise is a major faff, because *nix stuff is pathologically modular with a maze of interdependencies.

Obviously, this involves placing a certain amount of trust in the maintainers, but for *nix tools the alternative is to manually download, configure, build and install all the tarballs for a package that may call in a dozen dependencies.

 

[posguy99]

Homebrew (or an alternative such as MacPorts or Fink) is an important tool for building, installing and version-controlling open-source *nix applications which, otherwise is a major faff, because *nix stuff is pathologically modular with a maze of interdependencies.

Which people use to install things like Linux coreutils, because they can't be bothered to learn the options to BSD's /bin/ls. Sorry, one of my *pet* peeves.

 

[jtara]

I would guess that MOST users of HomeBrew are software developers. IMO it is the best/easiest way to get all the bits and pieces needed for command-line toolchains. Many/most software development processes use MANY command-line tools. HomeBrew manages dependencies, and manages multiple versions, so you do not have to read docs to find out what versions of dependencies you need and then go hither and yon to track them down.

It serves a similar purpose to Linux-based package managers. But since it (seems to me) mainly for developers, there has never been an emphasis on GUI tools.

IMO, the reason the cask support is even there is that sometimes a command-line tool will have some dependency on some GUI tool. (Or interact with it in some way.) I only have two casks: OSXFuse and XQuartz. Both of these have a GUI part, but also have system-y things that live in /user/local/...

If you're not a developer, admin of some type, or dyed-in-the-wool Linux/Unix/BSD geek, there's nothing here to see, move along! It wasn't meant for the average Mac user.

 

[thederby]

IMO, the reason the cask support is even there is that sometimes a command-line tool will have some dependency on some GUI tool.

cask was specifically created as an extension to homebrew to enable installation of binary and gui applications.

with changes made last year, cask-installed applications now install to the correct location (/Applications/) and applications with built-in automatic updates (chrome, for example), update as expected.

personally, homebrew/homebrew-cask is my preferred installation method because i can script the installation of all my applications and cli tools.

 

[ruurd]

Homebrew Cask (v 0.1) only dates to Aug 25, 2012.
It's still only v0.60.1
Why would I switch from stable, time tested installation software to something that hasn't even made 1.0 yet?

because it just works? because you can inspect the recipe it uses to install your ****?

 

[posguy99]

because it just works? because you can inspect the recipe it uses to install your ****?

(responding to a response to an almost two year old thread)
Right... because the cluebies who're using Homebrew because someone told them to can read ruby.