port "cask" -- installing prebuilt binaries

Ken Cunningham ken.cunningham.webuse at gmail.com
Thu Aug 6 15:29:59 UTC 2020 

All valid points. I thought we had more-or-less got past the “should we” and moved on to the “how should we”, 

I am not necessarily championing this, but people are submitting these, and there is demand.here are nearly 4000 cask installer formulae on brew now. If similar binary-only ports are going to be accepted, I was hoping for a mechanism to identify and control them somewhat, for the reasons you mention and more.

> 
> So, pretend I don’t know how Homebrew’s cask system works.  (I don’t.)  
> 
> 1) As a user, what is the advantage of this kind of system versus other avenues for software (i.e. the Mac App Store or direct download of a dmg from the developer web site)?  

convenience, really. You can install something with a short command instead of wading through finding the right installer on a website. Updates are handled transparently. You can install 10 or 20 software packages onto a set of systems with one command. You can make a list of the 75 software packages you like to have and install them all with one command. You can tell your grandmother how to install zoom with four words to paste into a terminal instead of a complicated set of download and install instructions. 

> Doesn’t most such software include an auto-updater?  

Sometimes.

> If so, won’t that conflict with MacPorts update handling?  

Yes.

> A potential disadvantage would be the time lag from a new version being released until a new ‘cask’ is available, right?

Yes

> 
> 2) My impression is that developers of commercial software would, in many cases, NOT want a third party (like MacPorts) to be distributing their software.  From their perspective, a third party introduces considerably more risk that users may end up with maliciously altered software.  Can we not expect to get takedown notices from certain publishers?

I suggest if we agree to do this, we do not mirror any installers partly for this reason.  Each would have it’s SHA code, so security would be as good as whatever good security is now. 

Software developers seem OK with "brew cask”, based on their being 4000 of them so far, and I have seen software people open PRs to update their own casks when they release a new version — so in general, they seem OK. Dunno about details beyond that.


> 
> 3) Is the MacPorts mirror network willing to contribute bandwidth for distributing non-open source software?  

I doubt it. There is no need to mirror these.

> Will we sour our relations with some of the mirrors if we use/abuse their bandwidth this way?

Probably.

>  Why do we want to use our bandwidth that way?

We don’t.

> 
> Craig

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-dev/attachments/20200806/29910026/attachment-0001.htm>

More information about the macports-dev mailing list