This has been on my mind for a couple of months now with the proliferation of wallet type Casks in the repo.
My concern is that these apps are a high risk category for fakes and/or malware and we only have limited means available to us to "verify" that they are official.
It seems to be common for them to be renamed, discontinued to be replaced by something else similarly named, release multiple versions, change homepages, move official development to a fork, be forked by a third party and basically everything else you can think of that makes it hard for us to confirm that they _are_ official.
This makes them much more complicated than the average Cask with a much greater chance of a mistake being made.
I'm not quite at the stage where I'm suggesting that we remove and ban them from the repo/s but I would like to discuss the issues that come with these Casks and our options before we have too many of this type, especially as we seem to add a new one every few days.
I agree with @commitay
We should remove repos that have a hazard of breaching the security of homebrew users.
There will be haters, but it is for the greater good.
Two easy solutions:
However, though I'm typically in favour of removing casks I'm not sure this would sit well with the community.
We should remove repos that have a hazard of breaching the security of homebrew users.
That is every cask. There is literally no app that couldn't be a risk if it were tampered with.
It seems to be common for them to be renamed, discontinued to be replaced by something else similarly named, release multiple versions, change homepages, move official development to a fork, be forked by a third party
Maybe what we need are stricter rules for acceptance. If I recall correctly, at the start I thought 10 stars was too low a number. We could increase that. We could also require a similar rule to Homebrew about needing the app to be X time old. Stricter acceptance rules could mean more control over the more finicky wallets.
Refuse them and move them to a sister unofficial org, like alehouse/homebrew-unofficial.
This may be the better option so they are external to Caskroom.
I'm not sure this would sit well with the community.
Yes, I expect some contributors/users won't like it. If they are using these apps (and also familiar with them and follow upstream changes) they might be better managing them in their own personal tap or creating a community org/tap.
I realise it is unfair to tar a whole category as "bad" because of a couple of problematic Casks but "users should have reasonable knowledge" is hard to apply pro-actively (and TBH, most users probably don't check Casks) + upstream changes / verification + the direct involvement of $$$ makes for a potentially bad combination.
The generic names of some of these Casks may also be an issue if we continue to add them. We currently have 30-40; if the number continues to increase we may have issues with differently named duplicates and/or user confusion.
Maybe what we need are stricter rules for acceptance. If I recall correctly, at the start I thought 10 stars was too low a number. We could increase that. We could also require a similar rule to Homebrew about needing the app to be X time old.
I think consistency with Homebrew on this (and perhaps reusing their GitHub audit) would be good to have in general.
I think consistency with Homebrew on this (and perhaps reusing their GitHub audit) would be good to have in general.
The audit system could be modified to look for apps and fail if the PR is simply a duplicate.
Maybe what we need are stricter rules for acceptance. If I recall correctly, at the start I thought 10 stars was too low a number. We could increase that. We could also require a similar rule to Homebrew about needing the app to be X time old.
As for the safety of the apps, I agree with upping the star system to be ~50 for this case. Although verifying the time would be bothersome, it would make the majority who use the casks know that the app has been tested by the public.
Closing this out as we now enforce a minimum of 50 stars for new Casks.