I love how homebrew makes my life easier! Though, I just realized that I don't really know who is "signing off" the stuff I get installed through it. So, I ask:
- Is there a central repo (like Linux distro PPAs)?
- Or is it all decentralized (ie. code gets downloaded simultaneously from Github, Source Forge, etc)?
- What mechanisms are in place to prevent trojan horses from being
installed through brew?
Best Answer
If you look at the details of a homebrew package (e.g. on http://braumeister.org), you'll find the address of the source code in the ruby script. So it is not stored in a centralized manner but directly on GitHub etc.
Anyone can submit a package to be installed and the maintainers either accept / modify / reject hosting the software in the main directory.
However, it’s easy to set up your own directory and tap that and then install anything you want using the homebrew scripts and tools. It’s pretty open to change if you want to add to it.