by anshargal 1211 days ago
It is not feasible to avoid installing any third-party software. Moreover, I admitted that I use Homebrew.

However, I don’t understand what makes Homebrew reliable. Homebrew is a non-profit project run entirely by unpaid volunteers.

I trust repositories controlled by corporations (RHEL, Ubuntu) or properly(?) governed non-profit organizations (Debian) more. Also, I trust the App Store more, because of sandboxing, static and dynamic analysis.

1 comments

I don't understand the distinction you're making between Homebrew and other non-profit OSS orgs: Homebrew has a documented governance structure[1] and is hosted under a non-profit foundation.

The App Store exists primarily to distribute proprietary applications. Homebrew exists primarily to distribute open source packages. Comparing the two (and Apple's justified focus on sandboxing, etc.) feels like a mismatch.

[1]: https://docs.brew.sh/Homebrew-Governance

Thank you for the clarifications and thank you for your work on Homebrew. I hope that Homebrew's approach is sufficient to make security risks acceptable.