Homebrew no longer allows bypassing Gatekeeper for unsigned/unnotarized software

JohnTHaller

For a quick background, Apple doesn't allow the typical quarantine bypass of Gatekeeper for ARM64 binaries. It must be digitally signed to run. And Intel-based Macs are a dead end with macOS Tahoe being the last OS released for them. So, brew is disabling the --no-quarantine switch in their next major release or so.

From the post: "What alternatives to the feature have been considered?

None. Macs with Apple silicon are the platform that will be supported in the future, and Apple is making it harder to bypass Gatekeeper as is."

kragen

I don't understand what this means, although I've read the whole thread. Does this mean people won't be able to use Homebrew to compile software from source (and run it)? Does it mean that they'll be able to use Homebrew to compile software from source, but not download prebuilt binaries (and run them)? Does it mean that they'll be able to download prebuilt binaries, but only run them if they're built by a developer that Apple has blessed?

I see that someone named andrewmcwatters has posted a [dead] reply to my comment that doesn't answer my questions, just repeating the same jargon from the bug report that I don't know the meaning of.

seanparsons

My longstanding prediction that Gatekeeper will ever so slowly tighten so that people don't realise like a frog boiled in water is continuing to be true.

JohnTHaller

The writing was on the wall from the first implementation. But we all kept getting downvoted when pointing out the road ahead.

foxandmouse

Yeah, I’ve been noticing an alarming number of casks marked to be deprecated… at the same time Gatekeeper has gotten so restrictive it won’t let me (easily) open video files that I downloaded from the internet.

supportengineer

It seems this mostly affects Intel systems.

JohnTHaller

Only true because this only works on Intel code. You can't use the typical method to bypass Gatekeeper because Apple removed it for ARM64 code.

superkuh

It may be Apple policy to prevent users from doing what they want because "security" is the most important thing for their bank/shopping terminals. But I thought the whole point of using Homebrew was to empower the user to use Apple devices like a normal computer without the hassle of having to do it manually? The developer has made it clear this is not the use case and that its helping with it was unintentional and undesired. The actual use case for Homebrew remains unclear given this new information.

davidkellis

Does this affect the Linux version of Homebrew? I'm hoping this has no effect.

angulardragon03

No, because there is no codesigning/notarization on Linux.