Posted by firexcy 11/12/2025

Homebrew no longer allows bypassing Gatekeeper for unsigned/unnotarized software(github.com)
345 points | 287 comments | page 2
jimrandomh 11/12/2025|
I think of homebrew as a curation service; it lets me name a piece of software and install it without having to do any special diligence on it. In that use case, I _want_ them to enforce code-signing requirements; that reduces the risk that some software-supply-chain compromise will spread to my computer.

I do want the ability to install unsigned software, either because I wrote/compiled it myself locally and can't be arsed with signing, or because I'm getting it from a non-public source that doesn't want to share a copy with Apple, or because it's from a developer I trust who can't be arsed. But I never want to get unsigned software _from a curation service_.

whywhywhywhy 11/13/2025||
Protecting the user from things they don’t realize are apps, or new apps in general, is important.

But the amount of overreach in gatekeeper to try and make the failed Mac App Store profitable and milk $90 a year at the expense of apps users want to run is egregious.

torginus 11/13/2025|
I personally think $90 per year is reasonable and not 'milking' - I don't think it's large enough to suspect Apple making bank on this, but does represent a certain level of commitment from a dev and prevents users from spamming developer accounts.

The only scenario in which I think it's excessive is broke student devs, not sure if there's a scheme to waive the fee for them.

Not allowing regular folks to run unsigned apps is something I also agree with, though I would love it if Apple allowed us to trust third-party root certs so that apps would be both signed and free of Apple's control.

charlie-83 11/13/2025|||
I find it hard to believe that charging people is the only way to stop people from making multiple/spam accounts. It seems like it's just the easiest and most profitable. And, if it is the only option, then why does an account that has been paying Apple $90 a year for a decade still need to keep paying them: it seems unlikely to be a spam account at that point.
91bananas 11/13/2025||
This is like the "why do I have to pay property taxes after I pay my house off?" for Apple™
whywhywhywhy 11/13/2025||
You’re right I shouldn’t have to. I already paid tax on the money to buy it and paid extra tax for the right to buy it, why the triple dip.
salawat 11/13/2025|||
>Not allowing regular folks to run unsigned apps is something I also agree with, though I would love it if Apple allowed us to trust third-party root certs so that apps would be both signed and free of Apple's control.

Rolling up the ladder much? Most who can program nowadays in one form or another owe the learning experience to the fact we could write and run unsigned apps without nannery measures like Gatekeeper.

I flat out refuse henceforth to do anything that encourages mind share on fundamentally anti-user, gatekept platforms.

torginus 11/13/2025||
The reason you can go anywhere on the internet and trust at least that the website you're viewing is in the form the creator intended is that HTTPS exists - which requires that a trusted entity has issued a cert that proves the domain is indeed held by the person and what goes on in that domain hasn't been tampered with externally.

That is the default on the internet, and even enforced. I'm merely saying that for average users (or power users even, who understand the risks) the default should be that the same guarantees apply to desktop apps as well (especially considering those usually have far more access).

HTTPS shows that such a world where people live with this restriction is possible and practical, and far from the jackbooted tyranny you describe.

buildfocus 11/12/2025||
The contrast between the steadily shrinking freedoms in Apple-land and the open computing approach underlying all of today's Valve announcements is fascinating.
hoherd 11/12/2025||
I switched from Linux to macOS with osx 10.2.8 because it was a much better unix desktop experience. Lately, more and more I've been feeling a lot like linux is a better desktop experience.

Yeah yeah, I'm sure there's a whole line of people who'd like to mock this entire decision, but I assure you that back then, a lot of us would rather use our desktop OS than fix our desktop OS's broken 802.11b, audio, graphics, etc. And back then, osx shipped x11, and you could `ssh -Y` and `xnest` and all that fun stuff. Plus linux (and other unixes) never left my side for headless work.

Top this off with all the Android lockdown, and I feel like linux and FLOSS has maybe never been as important as it is now.

bluescrn 11/12/2025||
Yet Valve have still managed to maintain a dominant 'App Store' without having to rely on locked-down platforms.
superkuh 11/12/2025||
It may be Apple policy to prevent users from doing what they want because "security" is the most important thing for their bank/shopping terminals. But I thought the whole point of using homebrew was to empower the user to use Apple devices like a normal computer without the hassle of having to do it manually? The developer has made it clear this is not the use case and that any help it gave with that was unintentional and undesired. The actual use case for homebrew remains unclear given this new information.
nemothekid 11/12/2025|
As I understand it `--no-quarantine`, as it is currently implemented, is a noop on ARM Macs. So Homebrew has two options:

1. Play cat and mouse with Apple to ensure `--no-quarantine` works

2. Deprecate and remove the feature.

superkuh 11/12/2025|||
Well, 2. is what the people are asking for but aren't getting. They want deprecation and an ENV flag to enable. It'd be enough. But even that isn't being allowed, which is weird for a power-user program. I can't help but think, "Don't obey in advance."
nemothekid 11/12/2025||
2 is what is happening. The feature is being deprecated and will likely be removed in the next MacOS version.

>I can't help but think, "Don't obey in advance."

They aren't obeying in advance. They simply aren't doing the work to find another Gatekeeper bypass for ARM64.

superkuh 11/15/2025||
They're deprecating it and removing it. What is required is deprecating it and leaving it in (with env flag to enable) till it actually breaks rather than obeying in advance.
saagarjha 11/13/2025|||
No, it definitely has an effect on Apple silicon. Without this you will be blocked from running ad-hoc signed code.
JohnTHaller 11/12/2025||
For a quick background, Apple doesn't allow the typical quarantine bypass of Gatekeeper for ARM64 binaries. It must be digitally signed to run. And Intel based Macs are a dead end with macOS Tahoe being the last OS released for them. So, brew is disabling the --no-quarantine switch in their next major release or so.

From the post: "What alternatives to the feature have been considered?

None. Macs with Apple silicon are the platform that will be supported in the future, and Apple is making it harder to bypass Gatekeeper as is."

Aaron2222 11/13/2025|
While it is true that macOS requires binaries to have a digital signature, that can just be an ad-hoc signature. Other than that, not much has changed. Gatekeeper (and the ability to bypass it for specific apps/binaries) works much the same for unsigned Intel binaries as for ad-hoc signed Apple Silicon binaries.
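The distinction drawn in this reply (unsigned vs. ad-hoc signed vs. Developer ID signed) is visible in the output of Apple's `codesign -dvv`. The script below is an added example, not code from the thread or from Homebrew: it classifies a binary from that output. The sample outputs are constructed to look like codesign's text so the classification can be exercised offline; on a Mac you would pipe the real command into it, as the comments show.

```shell
#!/bin/sh
# Added example (not from the thread): classify a macOS binary's code signature
# from "codesign -dvv" output.
#
# Real usage on a Mac (codesign writes its report to stderr):
#   codesign -dvv "$path" 2>&1 | classify_signature
# Two related defender checks, also Apple's tools, not reimplemented here:
#   spctl --assess --type execute -vv "$path"   # Gatekeeper's own verdict
#   xattr -p com.apple.quarantine "$path"       # is the quarantine attribute set?

# classify_signature reads codesign -dvv text on stdin and prints one word:
#   unsigned      - codesign reports the object is not signed at all
#   adhoc         - signed, but with no identity ("Signature=adhoc");
#                   the minimum an arm64 binary needs to launch
#   developer-id  - signed with an Apple-issued Developer ID certificate
#   other-signed  - some other chain (App Store, enterprise, self-issued, ...)
# Patterns are tested in order, so the "unsigned" message wins over the rest.
classify_signature() {
    out=$(cat)
    case "$out" in
        *"code object is not signed at all"*)        echo "unsigned" ;;
        *"Signature=adhoc"*)                         echo "adhoc" ;;
        *"Authority=Developer ID Application:"*)     echo "developer-id" ;;
        *)                                           echo "other-signed" ;;
    esac
}

# --- CONSTRUCTED sample outputs (shaped like codesign's, not captured from a real binary) ---
UNSIGNED_SAMPLE='/tmp/example/tool: code object is not signed at all'

ADHOC_SAMPLE='Executable=/tmp/example/tool
Identifier=tool
Format=Mach-O thin (arm64)
CodeDirectory v=20400 size=512 flags=0x2(adhoc) hashes=8+2 location=embedded
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none'

DEVID_SAMPLE='Executable=/tmp/example/Example.app/Contents/MacOS/Example
Identifier=com.example.placeholder
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1024 flags=0x10000(runtime) hashes=20+7 location=embedded
Signature size=9000
Authority=Developer ID Application: Example Corp (PLACEHOLDERID)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=PLACEHOLDERID
Runtime Version=14.0.0'

# run_samples prints one line per constructed sample so the reader can see the mapping.
run_samples() {
    printf 'unsigned sample  -> %s\n' "$(printf '%s\n' "$UNSIGNED_SAMPLE" | classify_signature)"
    printf 'ad-hoc sample    -> %s\n' "$(printf '%s\n' "$ADHOC_SAMPLE" | classify_signature)"
    printf 'developer-id     -> %s\n' "$(printf '%s\n' "$DEVID_SAMPLE" | classify_signature)"
}

run_samples
```

Note that `codesign` only tells you about the signature; whether a Developer ID build was also notarized is reported by `spctl --assess`, which is the check Gatekeeper itself applies to a quarantined `.app`.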
theoldgreybeard 11/12/2025||
This has turned into such a pain point for me that I'm probably just going to ditch MacOS on my next hardware refresh and insist on a Linux-based workstation. I already use Linux for everything else, changing for $DAY_JOB is trivial.
DavideNL 11/13/2025|
Meanwhile, just automatically remove the quarantine attribute: https://news.ycombinator.com/item?id=45913209
theoldgreybeard 11/14/2025||
If I’m gonna bother doing something like that I’m just gonna use Linux and just not have to deal with it at all.
haunter 11/12/2025||
Funny/sad to see this post just under the

"Install your own apps, or even another operating system. Who are we to tell you how to use your computer?"

Turns out you can be both consumer friendly AND have a wildly successful app store. Who knew?!

skygazer 11/12/2025||
Hmm. I use arm64 macports instead of homebrew, and as far as I know, I download prebuilt binaries from macports without issue even on Tahoe -- are they signing them with an approved account? Or did they force me to build everything from scratch, like the old days, and I haven't noticed?
woodruffw 11/12/2025|
This doesn't affect most prebuilt binaries. It specifically affects what Homebrew calls "casks," which are redistributions of .app bundles (which come with additional restrictions via Gatekeeper, unlike a "simple" binary).
nixpulvis 11/13/2025||
Also, fuck Apple's entire notarization process.

https://github.com/alacritty/alacritty/issues/8749#issuecomm...

If you want a more level headed overview of code signing differences, you can read this post I wrote back when this issue started coming to a head the first time back in 2021: https://nixpulvis.com/ramblings/2021-02-02-signing-and-notar...

Now, unsurprisingly, more and more distributors are falling in line, and it's all mostly theater.

Where is our modern Stallman? How have we let these massive platform OS providers assert this much control over the developer ecosystem?

They collect $99/yr for the right to give away free software! Madness. And they lie about the safety of the system. How about focus on keeping the OS secure and maintaining process isolation, and let users run what they want.

fudged71 11/12/2025|
Homebrew also started preventing you from installing any packages system-wide with pip
woodruffw 11/13/2025||
This is true, but also misleading: Homebrew did what every major "distro-level" package manager did, which was conform to PEP 668[1].

(This, as it turns out, was a great idea. A single global shared environment that pip used by default was one of the single greatest sources of user frustration in Python.)

[1]: https://peps.python.org/pep-0668/

kstrauser 11/13/2025||
No, pip itself did that, and fortunately. It’s a setting you can disable if you want to be able to accidentally trash your environment.
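PEP 668, cited above, works through a marker file: a distro drops `EXTERNALLY-MANAGED` into the interpreter's stdlib directory, and pip refuses to install into that environment unless told otherwise (`--break-system-packages`). The script below is an added example, not code from the thread, Homebrew or pip: it performs the same check and reads the distro's message out of the marker. The marker content it writes is constructed for the demo; `current_interpreter_status()` runs the real check against whatever Python executes it.

```python
"""Added example (not from the thread): detect a PEP 668 externally managed
Python environment the way pip does, by looking for an EXTERNALLY-MANAGED
marker file in the interpreter's stdlib directory, and report the message
the distro placed in it.
"""
import configparser
import os
import sysconfig
import tempfile
from dataclasses import dataclass
from typing import Optional

# File name fixed by PEP 668; it lives in sysconfig.get_path("stdlib").
MARKER_NAME = "EXTERNALLY-MANAGED"


@dataclass
class ManagedStatus:
    managed: bool
    error_message: Optional[str]   # distro text from the [externally-managed] Error key


def check_externally_managed(stdlib_dir: str) -> ManagedStatus:
    """Return whether <stdlib_dir>/EXTERNALLY-MANAGED exists and, if so, the
    message it carries. Per PEP 668 the file is INI-style with a section
    [externally-managed] whose Error key holds the text shown to the user."""
    marker = os.path.join(stdlib_dir, MARKER_NAME)
    if not os.path.isfile(marker):
        return ManagedStatus(managed=False, error_message=None)
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(marker, encoding="utf-8")
    # A missing or malformed section still means "managed": the file's
    # presence is the signal; the message is only advisory.
    message = parser.get("externally-managed", "Error", fallback=None)
    return ManagedStatus(managed=True, error_message=message)


def current_interpreter_status() -> ManagedStatus:
    """The real check, against the Python running this script."""
    return check_externally_managed(sysconfig.get_path("stdlib"))


# CONSTRUCTED marker in the shape PEP 668 describes (not copied from any distro).
CONSTRUCTED_MARKER = """[externally-managed]
Error=This Python is managed by your package manager (placeholder text).
 Create a virtual environment (python3 -m venv .venv) or install
 packages through the package manager instead.
"""


def demo_with_constructed_marker() -> ManagedStatus:
    """Write the constructed marker into a temp dir and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, MARKER_NAME), "w", encoding="utf-8") as f:
            f.write(CONSTRUCTED_MARKER)
        return check_externally_managed(tmp)


def demo_without_marker() -> ManagedStatus:
    """An empty temp dir stands in for an unmanaged environment (e.g. a venv)."""
    with tempfile.TemporaryDirectory() as tmp:
        return check_externally_managed(tmp)


if __name__ == "__main__":
    print("constructed marker:", demo_with_constructed_marker())
    print("no marker:         ", demo_without_marker())
    print("this interpreter:  ", current_interpreter_status())
```

The check is deliberately file-presence based: the PEP makes the marker's existence the contract, so a parser error in the message must not be read as "not managed".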
saagarjha 11/13/2025||
I want to purposefully trash my environment
kstrauser 11/13/2025||
Pip will let you! You just have to ask it nicely.