The Changelog: Software Development, Open Source Homebrew! Part Deux (Interview)
Mar 6, 2019
In this engaging discussion, Mike McQuaid, a key software developer behind Homebrew, shares insights into the latest 2.0.0 release and its new compatibility with Linux and Windows 10. He delves into the significant security challenges faced in 2018, highlighting the balance between open-source transparency and necessary protection. The conversation also touches on Homebrew's fresh governance model and the evolution towards automated features. Additionally, Mike reflects on community engagement and the excitement surrounding ongoing developments.
AI Snips
Chapters
Transcript
Episode notes
Homebrew Security Incident 2018
- Homebrew faced a security issue in July 2018 where a leaked Jenkins token granted push access to some repositories.
- Thankfully, due to quick action and the limited scope of the token, no significant damage occurred.
Open Source Security vs. Nation States
- Open-source projects like Homebrew are vulnerable to silent exploits, especially from nation-state actors.
- However, Homebrew's design, built on Git with immutable CDN and hashing, makes undetected compromise difficult.
Open Source Security Best Practices
- Open-source projects should prioritize responsible disclosure of security vulnerabilities.
- Accept that you cannot address every security risk due to limited resources and expertise.