June 11, 2026
Brewing up trust issues
Show HN: Homebrew 6.0.0
Homebrew gets a safety glow-up, and users instantly ask: why did it update everything
TLDR: Homebrew 6.0.0 adds a major new safety check for outside software sources, plus speed and update improvements. Users love the extra protection, but some are already side-eyeing surprise app updates and asking how much control Homebrew should really have.
Homebrew, the popular tool many Mac and Linux users rely on to install apps and developer tools, just dropped version 6.0.0 — and the official pitch is basically: faster, safer, cleaner. The biggest change is a new trust system that asks users to explicitly approve outside software sources before Homebrew runs their code. Translation for non-experts: fewer mystery scripts quietly doing things on your computer. There’s also a new built-in data system to speed updates, stronger Linux protections, and more "are you sure?" prompts before installs and upgrades.
But in classic internet fashion, the release notes were only half the story. The real action was in the comments, where the vibe swung from “finally!” to “wait, what did this just do to my machine?” One user thanked the team and then immediately sounded the alarm after brew upgrade reportedly updated all their apps, including ones that used to leave themselves alone. Another wanted to know if this new trust feature can be built into their setup file, because apparently even security needs to be automated. And then came the philosophical hot take: is Homebrew trying to stop being a free-for-all script runner and become something more locked-down and predictable?
The funniest mini-drama came from the user begging for a “cooldown mechanism” so software can chill before shipping fresh code to their computer — a mood so relatable it practically became the thread’s meme. Meanwhile, others were pure hype, with one simple battle cry summing up the pro-security camp: “Hell yeah, tap trust!!!”
Key Points
- •Homebrew 6.0.0 introduces tap trust, requiring explicit trust for third-party taps and tap-qualified items before their code is evaluated or run.
- •The internal Homebrew JSON API is now the default, consolidating metadata into a single download to reduce network use and speed up updates.
- •Homebrew adds Bubblewrap-based Linux sandboxing by default for developers, extending sandbox protections already present on macOS.
- •Developer defaults were changed based on user survey feedback, including making ask mode the default for `brew install` and `brew upgrade`.
- •The release adds `brew bundle` enhancements, general performance improvements, initial support for macOS 27, and a timeline for phasing out macOS Intel x86_64 support.