Show HN: Homebrew 6.0.0

Original Article ↗ Hacker News Discussion ↗

Upgrade behavior & casks

  • Some users report that brew upgrade now updates all casks, including those marked auto_updates: true, which previously were skipped.
  • Maintainers say this is intended: Homebrew now skips only casks it detects as already auto-updated, but the detection is not perfect and bug reports are requested.
  • There is an env var to restore old behavior for auto-updating casks; concern that users who disabled hints may see this change “silently”.
  • Several users dislike “overly eager upgrading” or world-updates when they only want a single package.

Security, cooldowns & supply-chain

  • Multiple commenters ask for “cooldown” features (delay new releases) to mitigate supply-chain attacks.
  • Maintainers explain Homebrew already uses cooldowns and human/CI review for certain ecosystems (npm, PyPI, RubyGems, etc.), arguing a global cooldown would harm more than help given its model.
  • Some still want user-side cooldown or slower channels; others prefer fast zero-day fixes.
  • Questions are raised about the depth of “human review” when updates for large projects land within ~1–2 hours of upstream release.

Versioning, pinning & rolling release

  • Homebrew remains a rolling-release manager; exact/old versions are not a primary goal.
  • Tools like formula@version, brew version-install, Bundle’s version_file, and brew pyenv-sync exist but are partial solutions.
  • Users who want strict pinning or long-lived old versions often turn to Mise, Nix, MacPorts, or language-specific managers.

Tap trust, signing & prompts

  • New tap trust is welcomed by some but others question how much it actually improves security versus just adding confirmations.
  • There is debate over Homebrew dropping unsigned casks and how that interacts with concerns about platform lock-in and code signing.

Performance, UX & concurrency

  • Many praise noticeable speed/performance improvements in 6.0, especially for brew upgrade.
  • New interactive prompts (e.g., asking before installing complex formulas) are appreciated by some; others immediately look for env vars/flags to disable them.
  • Users on constrained networks ask for better controls over parallel downloads; concurrency can be tuned via an env var, but bandwidth throttling is not present.

Alternatives, ecosystems & usage patterns

  • Large subthread compares Homebrew with Mise, Nix, MacPorts, pkgsrc, and devbox.
  • Common pattern: use Homebrew for GUI apps and general tools; use Mise/Nix/language managers for per-project or multi-version runtimes.
  • Some have left Homebrew due to forced upgrades or macOS support phase-outs; others have moved back from Nix citing better macOS integration and UX.

Linux, immutable distros & userspace PMs

  • Homebrew is increasingly used on Linux, especially immutable/atomic distros and corporate or shared environments where users lack root.
  • Users like having a “userspace package manager” decoupled from system packages and slower distro repos.
  • Some confusion remains about Linux install prefixes and non-root setups; more documentation and guarantees are desired.

Intel support & old Macs

  • Deprecation timeline for Intel macOS is controversial: some argue Intel servers/old Macs are still common in the Homebrew-using demographic; others say such users are a tiny minority and should run Linux or other tools.
  • Alternative ecosystems (MacPorts, Nix) are mentioned as remaining options for older macOS versions and Intel hardware.

Governance, infrastructure & AI

  • There are questions about Homebrew’s tight coupling to GitHub and the difficulty of self-hosting taps (git server requirement).
  • New “Responsible AI Usage” documentation is noted; some wonder how extensively AI was used in 6.0 and whether guidelines are consistently followed.
  • Several commenters highlight that Homebrew is volunteer-run and encourage donations; others express surprise it isn’t funded by major vendors.