1. 35
  1. 13
    1. 7

      No, seems like it’s still on the homepage & in the source code as of 3.0.0.

      1. 6

        And thereby possibly violating the GDPR of those are in the EU. But any discussions about this are immediately censored in the Homebrew project.

        1. 2

          Can confirm, as a project they don’t like being told their approach isn’t fantastic.

          1. 2

            As someone who has been on the receiving end of many discussions like that (specifically, Firefox for Android aka Fenix), I can say the following:

            An open source project and their maintainers can make decisions about how they wish t run and implement the project.

            People can file all the bugs and re-open all the discussions for things that they do not agree with, but at one point they will have to accept that a decision has been made by the people running the project.

            What I see over and over again are the same responses:

            • they do not listen
            • they do care
            • they censure me
            • they don’t deal well with criticism
            • i will leave if you don’t do what I want
            • I will fork the project
            • the project is doomed

            As someone who has been on the receiving end of this many many times I can tell you that it is extremely tiring and unproductive. As a maintainer you simply cannot satisfy all requests from all users. For all kinds of reasons. Sometimes it is as simple as “we like the way this works”.

            So dead horses will be beaten and discussion threads will be closed. Sometimes no is no. It is that simple. How do you reach consensus? Well often you do. Sometimes you don’t.

            What makes it even more complicated is that the user base is usually also fully split. I can guarantee you that in this case, sending anonymous usage to google analytics, many people could not care less and probably don’t bother to disable it even after reading the note that is shown about it.

            So I ask people here, as a maintainer of a project, what do you do? Do you submit yourself to a small group of very vocal and strongly opinionated users? Or do you just stick with what you and fellow maintainers think is the best way to go forward?

            (What I find really interesting is that in communities like this, Lobsters, there is often a lot of agreement about how bad it is that people ask for time or free support from open source projects. It is often quickly labeled as unacceptable entitlement. How are issues like https://github.com/Homebrew/brew/issues/142 different I ask you?)

            1. 3

              As a maintainer you simply cannot satisfy all requests from all users.

              Nobody asked them to satisfy all requests from all users.

              I’d imagine I’m pretty safe to say that no single user anywhere asked them to add analytics, using one of the most privacy invasive companies on the planet.

              Debian, as usual, shows how to do this right:

              (a) prompt the user on-install/first-run, if they’re happy to provide anonymous usage information. Provide links to more information if necessary.

              (b) don’t rely on a privacy abusing mega-corp to provide the backend for said usage tracking.

              1. 1

                … shows how to do this right

                This is an opinion. And exactly why these discussions are so difficult.

          2. 1

            Can you explain how it violates the GDPR?

            1. 3

              You need informed consent before you send any identifiable data, and most data points are identifiable.

              1. 1

                I am not a lawyer but I am pretty sure that you don’t need consent for anonymous analytics since there is no connection to an person.

                If you think the data that Homebrew sends is indeed PII (Personally Identifiable Information) then you should definitely raise that with them. But I highly doubt this is the case since Homebrew does not know who you are.

                1. 2

                  I’m not a lawyer either, but e.g. cookies require consent. Obviously a shell doesn’t have cookies, but Home-brew essentially re-creates them, by generating a UUID (and storing it, only generating a new one if it can’t read an existing one) and sending it with the calls to GA.

                  If you accept that a cookie is a little piece of text on your computer that can be used to uniquely identify you, I’m not sure how “a UUID strode on your computer that can be used to uniquely identify you” wouldn’t be considered the same thing.

                  1. 2

                    The nuance here is “identify you”. Again I am not a lawyer but a random session or install ID is not PII and not something that identifies you. If it is connected to for example an email address then it would be.

                    Home brew has no relationship with its users. It does not know who those are or how to identify them. If you would send a GDPR request to them to ask for your data then they cannot send you anything because they cannot uniquely identify you. Only when you give them that UUID and tell them, that’s me, they can. But at that point you have made the connection.

                    1. 2

                      As I understand it (also not a lawyer) - because the data can later be combined with another source to identify the customer (that is, ‘this uuid is that persons laptop’), it’s covered.

                      The GDPR is not written to allow clever hacks to get around it.

                      On the bright side - violators can expect formal letters of warning at no cost. If you persistently ignore those for a year or so you’re likely to get a really damn big fine, but it’s not like it’ll come as a surprise.

        2. 4

          I prefer to compile the few things I install from source, but Homebrew has helped me a lot with that workflow. It’s a great repository of build instructions, if nothing else!

          Congrats on 3.0! 🎉

          1. 3

            Just installed it and set up a separate installation for Apple Silicon stuff. So far mixed results. Git installed just fine because they have a pre-built “bottle” for it. But Neovim needs to build itself and that process keeps failing. So I guess YMMV. Still nice to see work progressing on full support for the new CPUs!

            1. 3

              Make sure you’re installing luajit and neovim with —HEAD. It builds fine on m1 then.

              1. 2

                That worked, nice! Thanks!

            2. 3

              I really like this on Linux hosts where I don’t have root or don’t want to pollute the globally installed packages.

              If it’s in your home directory, everything is compiled, so no random binaries, if you prefer to audit all of the build sources and instructions.

              1. 1

                Indeed! I use it two places that it’s become pivotal: on an ElementaryOS 5.x VM that’s using Ubuntu 18.04 as a base with some more recently dependencies required to work on this VM versus on a Mac that I’m otherwise using, and on a cluster for work that’s running RHEL 6 and won’t be upgraded anytime soon (but it’s being replaced by something running RHEL 7 by EOY).

                1. 1

                  If you’re in the Linux world you should definitely take a look at the Spack project. If you’re in the Mac world it still might be worth a look.

                  It’s basically a superset of Homebrew’s functionality. Great for building complex environments (having multiple versions of an application installed, fine grained control of build options, microarchitecture-specific compiler optimizations, etc…). And, […] Spack can also be used to handle simple single-user installations on your laptop..

                  Nicely documented and great community!