Merge pull request #20229 from Homebrew/attestation_opt_in

attestation: require explicit opt-in.
2025-07-14 16:09:03 +08:00 · 2025-07-10 08:24:48 +00:00 · 2025-07-10 08:24:48 +00:00 · 5bc5d53a23
commit 5bc5d53a23
parent d46d315cc1 17762fa77a
1 changed files with 1 additions and 5 deletions
--- a/Library/Homebrew/attestation.rb
+++ b/Library/Homebrew/attestation.rb
@ -64,12 +64,8 @@ module Homebrew
    sig { returns(T::Boolean) }
    def self.enabled?
      return false if Homebrew::EnvConfig.no_verify_attestations?
-      return true if Homebrew::EnvConfig.verify_attestations?
-      return false if ENV.fetch("CI", false)
-      return false if OS.not_tier_one_configuration?

-      # Always check credentials last to avoid unnecessary credential extraction.
-      (Homebrew::EnvConfig.developer? || Homebrew::EnvConfig.devcmdrun?) && GitHub::API.credentials.present?
+      Homebrew::EnvConfig.verify_attestations?
    end

    # Returns a path to a suitable `gh` executable for attestation verification.