[cocotino]

Serious question: why would you want to send to Google details of the software you're installing on your computer?

[Buge]

It's not that they want to send it to Google, it's that they want to send it to homebrew, and google is an intermediary. Sending it to homebrew allows them to know what features are being used, so they know what features they could remove or improve.

[s_q_b]

If homebrew is transmitting the packages you install across the internet, through Google's servers, and through homebrew's system, it is very possible that information could be swept up in a dragnet or stored on a server that could later be subpoenaed or searched with a warrant.

[semi-extrinsic]

The analytics issue aside, how can a package manager not transmit what packages you install across the internet? At some point it has to request the package(s) you're installing from somewhere on the internet.

[s_q_b]

Yeah, over TLS, and I generally presume that a simple request for a package won't be logged and recorded for posterity.

[cocotino]

So don't use Google as an intermediary. Debian runs popcon, for example. They could run something similar.

[andybak]

It might amaze many of you to hear this but it's because I genuinely doubt Google will do anything nefarious with this data.

[pbiggar]

Because it's useful to homebrew. Analytics help software makers - that's why they exist.

[PS: that's not a serious question: it's completely facetious.]

[the_mitsuhiko]

Because it helps the ecosystem?

[mikemcquaid]

The main self-interested reason: we use analytics to judge what packages and options to remove. If no-one using analytics uses software: next time it requires non-trivial maintenance work it will likely be removed rather than fixed.

[Karunamon]

That's even worse - if I had a penny for every time a useful, but unpopular thing was shut down, I could fund my own startup!

[mikemcquaid]

And we could fund our open-source project to maintain these things. Sadly neither of us have these pennies ;)