From 17762fa77a2c08ea6a6e4bc28a6116d4def660f3 Mon Sep 17 00:00:00 2001
From: Mike McQuaid <mike@mikemcquaid.com>
Date: Thu, 10 Jul 2025 09:10:08 +0100
Subject: [PATCH] attestation: require explicit opt-in.

Work on this has stalled a bit and it slows things down so let's require
an explicit opt-in to use it.

While we're here, remove the silent/implicit opt-out for CI, too.
---
 Library/Homebrew/attestation.rb | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/Library/Homebrew/attestation.rb b/Library/Homebrew/attestation.rb
index 44f1a4d0b3..d55125fbc9 100644
--- a/Library/Homebrew/attestation.rb
+++ b/Library/Homebrew/attestation.rb
@@ -64,12 +64,8 @@ module Homebrew
     sig { returns(T::Boolean) }
     def self.enabled?
       return false if Homebrew::EnvConfig.no_verify_attestations?
-      return true if Homebrew::EnvConfig.verify_attestations?
-      return false if ENV.fetch("CI", false)
-      return false if OS.not_tier_one_configuration?
 
-      # Always check credentials last to avoid unnecessary credential extraction.
-      (Homebrew::EnvConfig.developer? || Homebrew::EnvConfig.devcmdrun?) && GitHub::API.credentials.present?
+      Homebrew::EnvConfig.verify_attestations?
     end
 
     # Returns a path to a suitable `gh` executable for attestation verification.