Homebrew no longer allows bypassing Gatekeeper for unsigned/unnotarized software

Original link: https://github.com/Homebrew/brew/issues/20755

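Homebrew is deprecating the `--no-quarantine` flag, which lets users bypass the macOS Gatekeeper security feature in order to run unsigned applications. The decision follows from Apple's increasingly strict security measures, especially on Apple silicon Macs, which *require* a valid signature, and from the end of Intel support by both Apple and Homebrew.

Today the flag is used mainly to override macOS security settings, a practice Homebrew actively discourages. The deadline by which all casks must pass Gatekeeper checks is September 1, 2026, so there is no longer any need to keep maintaining the flag.

Removing `--no-quarantine` will improve user security by preventing an easy bypass of OS-level protections, and it aligns with the future direction of Apple's platform. No alternatives were considered, because the trend is toward stronger security and signing requirements. The change gives users ample time to adjust their workflows before the flag is removed completely.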

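## Homebrew update and Gatekeeper restrictions

Homebrew is removing the `--no-quarantine` flag, which previously allowed bypassing the macOS Gatekeeper security check for unsigned/unnotarized software, in particular "casks" (prebuilt application packages). The change is due to Apple's increasingly strict restrictions, especially on Apple silicon Macs, where unsigned applications are blocked, and to the end of support for Intel Macs.

Compiling software from source is not affected, but downloading and running prebuilt, unsigned applications through Homebrew now requires user approval through the macOS security settings. The move has sparked debate: some users lament the loss of freedom and convenience, while others support the improved security.

Homebrew maintainers have closed the discussion on the issue, on the grounds that the decision has already been communicated. Alternatives such as MacPorts, Nix and Mise are being discussed, and some users are considering a move to Linux because the restrictions on macOS keep getting tighter. The core issue highlights the growing tension between user control and Apple's increasingly tight control over its ecosystem.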

Original text

Verification

Provide a detailed description of the proposed feature

`--no-quarantine` is used to forcibly bypass Gatekeeper, which is a built-in macOS security mechanism. This is used to run unsigned/unnotarized applications.

macOS Tahoe is the final release to support Intel systems, and last year Apple updated macOS runtime protection to make it harder to override Gatekeeper. Macs with Apple silicon also don't "permit native arm64 code to execute unless a valid signature is attached". Finally, we are ending support for all casks that fail Gatekeeper checks on September 1st, 2026.

With the above in mind, it's time to deprecate the `--no-quarantine` flag from brew. It intentionally bypasses macOS security mechanisms, which we already actively discourage. Deprecating now will give a decent lead time for users using it to come up with another solution or adjust their workflows.

What is the motivation for the feature?

Intel support is coming to an end from both Apple and Homebrew. This flag is primarily used to override a macOS security mechanism, which we do not want to encourage. Since we are requiring casks fulfill Gatekeeper checks next year, there is no reason to keep this flag.

How will the feature be relevant to at least 90% of Homebrew users?

We will provide a safer experience for our users, and stop making it easier to bypass OS-level security.

What alternatives to the feature have been considered?

None. Macs with Apple silicon are the platform that will be supported in the future, and Apple is making it harder to bypass Gatekeeper as is.
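
One way to take stock of a setup before the flag goes away, as an added example that is not part of the issue or Homebrew's own code: a POSIX shell scan for the places where `--no-quarantine` tends to persist. It assumes three forms (the flag on a `brew` command line, the flag inside a `HOMEBREW_CASK_OPTS` assignment, and `no_quarantine: true` in a Brewfile); the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Inventory where a setup still depends on Homebrew's --no-quarantine.

# scan_file FILE: print "FILE:LINE:KIND:TEXT" per hit; status 0 if any hit.
scan_file() {
    awk -v f="$1" '
        /^[ \t]*#/ { next }    # ignore comment-only lines
        /HOMEBREW_CASK_OPTS.*--no-quarantine/ { print f ":" NR ":env:" $0; hit = 1; next }
        /--no-quarantine/                     { print f ":" NR ":cli:" $0; hit = 1; next }
        /no_quarantine:[ \t]*true/            { print f ":" NR ":brewfile:" $0; hit = 1 }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# scan_env: report the flag when it is set globally in the current shell.
scan_env() {
    case "${HOMEBREW_CASK_OPTS:-}" in
        *--no-quarantine*) printf 'env:HOMEBREW_CASK_OPTS=%s\n' "$HOMEBREW_CASK_OPTS" ;;
        *) return 1 ;;
    esac
}

# count_hits FILE...: total number of hits across the given files.
count_hits() {
    for f in "$@"; do scan_file "$f" || true; done | wc -l | tr -d ' '
}

# write_samples DIR: constructed sample files (not taken from any real setup).
write_samples() {
    cat > "$1/setup.sh" <<'EOF'
# old note: --no-quarantine used to be needed here
export HOMEBREW_CASK_OPTS="--appdir=~/Applications --no-quarantine"
brew install --cask --no-quarantine example-app
brew install --cask other-app
EOF
    cat > "$1/Brewfile" <<'EOF'
cask_args appdir: "~/Applications"
cask "example-app", args: { no_quarantine: true }
cask "other-app"
EOF
}

# With arguments, scan the environment and the named files and list every hit.
if [ "$#" -gt 0 ]; then
    scan_env || true
    for f in "$@"; do scan_file "$f" || true; done
fi
```

Each hit names the file, line and form, which is the list of workflows that need another solution before casks failing Gatekeeper checks stop being supported.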
