Current state of the world
brew update if Homebrew is more than
HOMEBREW_AUTO_UPDATE_SECS old (defaults to 60 seconds) before installing a package. This is a great feature and drastically cuts down on the amount of support issues from people installing outdated formulae.
The downside of this is that when people want to install a new package, they almost always have to wait for Homebrew to update first. This can be slow, especially if they haven’t updated in a while.
I’ve been using homebrew-autoupdate to update Homebrew in the background every day, with
HOMEBREW_AUTO_UPDATE_SECS set to 86400 (24 hours). After setting this up, I no longer have to wait for Homebrew to update when I want to install a new package, and I’m never installing formula more than 24 hours old.
After setting up homebrew-autoupdate I completely forgot about Homebrew requiring the latest version before installing. A few weeks ago I was pairing with a colleague and we had to wait a while for Homebrew to update before we could install the formula we wanted. This reminded me that many people don’t know about homebrew-autoupdate.
I’d like to suggest adding something like homebrew-autoupdate to Homebrew’s core. This would make every installation of Homebrew automatically update in the background every (say) 24 hours, and hopefully resolve most of the issues users have with Homebrew requiring updates before installing new packages.
My proposal is that this would be turned on by default. If that was deemed too far, having it as an option built into the core software would be a less disruptive alternative. If the automatic updating feature was mentioned during the “Updating Homebrew…” phase, then users who cared could add configuration for it.
As a user, I can think of a number of drawbacks to this approach, and I’m sure that Homebrew’s maintainers could think of even more:
Users may not want Homebrew to automatically update in the background.
Having every installation of Homebrew automatically update every day would probably (?) put a larger load on GitHub’s infrastructure. This could be lessened by adding randomised jitter to avoid thundering herds, stopping automatic updates if a user hasn’t interacted with Homebrew for one month, decreasing update interval to 48 hours, e.t.c. but there are still going to be more frequent smaller updates happening.
Having every installation of Homebrew updating within 24 hours means that compromising the Homebrew CLI would quickly spread to the entire installed base.
This is already a risk, but adding automatic updates would increase the scale of the risk. This might push further development of security controls around distributing updates, but would also add more development work.
Enabling automatic updates would mean people are running versions of Homebrew + formula that are up to one day old, rather than 60 seconds old. If you still wanted to keep the default update interval to 60 seconds, background updating every 24 hours would reduce the number of commits that need to be transferred. This would improve the speed of user-facing updates, but may not be worth the effort.
If a new version of Homebrew broke updating, this would propagate to the entire Homebrew userbase quickly, and lead to a lot of work to manually uninstall and reinstall Homebrew. Perhaps you’d want to limit background updates during the weekdays to avoid creating emergencies that happen over the weekend? This would be confusing for users, as Homebrew would sometimes update in the background, but not always.
It would probably be a good idea to make a
should-background-updateendpoint on a server that Homebrew controls. This would allow background updates to be paused during an emergency, but again is more work to develop, test, maintain, and operate.
Having users update in the background could mask performance issues as people wouldn’t be exposed to it directly.
I don’t have enough context about Homebrew’s maintainers or userbase to weigh the balance of these issues versus the small convenience of not having to wait for “Updating Homebrew” again. That would be for the Homebrew team to consider. I took a look through various GitHub repos for issues about this and couldn’t see automatically updating in the background being discussed, though perhaps I missed some?