Questionable audit recommendations


(Ryan Govostes) #1

I wrote a formula and ran brew audit --new-formula and was a little surprised by some of the suggestions.

  • Formulae should not have [:recommended] dependencies.

Really? Why not? These are documented in the Homebrew Cookbook and there’s no commentary about avoiding them.

This complaint was added in May by @commitay.

  • Formulae should not have an unstable spec

I think it is complaining that I specified head. Again, this is in the Cookbook with no warning against using it. This was added recently, also by @commitay, so there’s probably a discussion going on that I missed.

Both of these features are valuable to me and I don’t have any intention to remove them from the formula.


(Ryan Govostes) #2

The :recommended warning was from pull request #4170 but there’s no commentary about why.

The unstable spec bit was done in pull request #4411, based on a comment in #4408 that seemed to argue that the --HEAD feature is just not widely used.


(Ryan Govostes) #3

Mike McQuaid:

Fundamentally Homebrew is attempting to transition from a from-source to a binary package manager and I’d recommend third-party taps seek the same.

If you looked at our analytics and saw what percentages of users are using the default prefix and pouring bottles, and also at the relative error rates on building from source vs. pouring bottles, you’d be hard-pressed to justify why we should prioritise the experience of a small number of power users over the clear majority.

We’re never going to make it impossible to build formulae from source (after all, that’s what we’re doing ourselves) but we are going to keep ramping up brew audit such that it goes from pointing out problems to best practice for users.

I guess I would like to hear more of the thinking here.


(Mike McQuaid) #4

You can obviously feel free to ignore those recommendations, but it’s what we’ve found to produce the best end-user experience for Homebrew formulae. Building from source is significantly more error-prone than pouring a bottle. Options require both building from source and the user using a configuration that isn’t tested by CI. A better alternative to options if you really need mutually exclusive builds is multiple formulae with different names.