Homebrew Cask and Security

Somewhat new to Homebrew. As I understand it, Homebrew Cask looks for apps in its GitHub repository. I don't know how they get there, but I assume that the app or the link which lives at GitHub is not supplied by the developers of the associated app. So, then, is a download from the Cask repository an exercise of trust in the Cask maintainers?


Solution 1:

Yes, and also trust that, with the sources in the open and others using it, you don't need to be the first person to catch a bad act. The traceability of who checks in what hopefully is a deterrent to casual maliciousness.

You are, of course, more secure if you do not automate installs of unsigned software from the internet.
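
As an added illustration (not part of the original answer and not Homebrew's own code): a cask definition is a small Ruby file with `url`, `sha256` and `homepage` stanzas, so what the maintainers checked in can be read before installing. The sketch below audits a constructed sample cask; the function names and the sample are assumptions, and only single-line stanzas are handled.

```python
import re
from urllib.parse import urlparse

SAMPLE_SHA = "ab" * 32  # constructed 64-hex-character value, not a real hash

# Constructed sample cask definition (not a real cask from the repository).
SAMPLE_CASK = '''
cask "example-app" do
  version "1.2.3"
  sha256 "SHA_PLACEHOLDER"
  url "https://downloads.example.com/example-app-#{version}.dmg"
  name "Example App"
  homepage "https://www.example.com/"
  app "Example App.app"
end
'''.replace("SHA_PLACEHOLDER", SAMPLE_SHA)


def stanza(text, key):
    """Return the first quoted string or :symbol value of a stanza, or None."""
    pattern = r'^\s*%s\s+(?:"([^"]*)"|(:\w+))' % re.escape(key)
    m = re.search(pattern, text, re.M)
    return (m.group(1) or m.group(2)) if m else None


def site(url):
    """Last two host labels: a rough same-site heuristic, not a full check."""
    host = urlparse(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def audit_cask(text):
    """List the points where the cask leaves more to trust than usual."""
    findings = []
    url = stanza(text, "url")
    sha = stanza(text, "sha256")
    home = stanza(text, "homepage")
    if url is None or not url.startswith("https://"):
        findings.append("download URL is missing or not HTTPS")
    if sha == ":no_check":
        findings.append("sha256 :no_check: download is not pinned to a hash")
    elif sha is None or not re.fullmatch(r"[0-9a-f]{64}", sha):
        findings.append("sha256 is missing or malformed")
    if url and home and site(url) != site(home):
        findings.append("download host %s differs from homepage host %s"
                        % (site(url), site(home)))
    return findings


if __name__ == "__main__":
    print(audit_cask(SAMPLE_CASK) or "no findings")
```

A pinned `sha256` only shows that the file matches what the maintainers reviewed; it says nothing about whether the vendor's build itself is trustworthy.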