Sure, using a user-installed binary as a login shell has its risk, but so does running an outdated version even if it is supplied by Apple.
You can minimize the risk by
- using a dedicated user with admin rights to maintain the Homebrew installation (to avoid accidental or malicious insertion of backdoored commands in the Homebrew bin directory during daily use),
- creating a backup admin user with a macOS-supplied login shell (to protect against the risk of accidental deletion of the Homebrew version or the symlink),
- using `brew pin bash` to prevent unexpected updates (to protect against the very low bitcoiner risk), and update manually if required.
PS: Not risk-related, but you should add /opt/homebrew/bin/bash to /etc/shells to make chsh work without sudo.
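
The checks above can be scripted. The following is an added example, not part of the original answer: it verifies that the Homebrew shell resolves to a real executable, is listed in the shells file, sits in a directory the current account cannot modify, and is pinned. The function names are hypothetical; the path and formula name are the ones used in this answer.

```shell
#!/bin/sh
# Added example: audit a Homebrew-provided login shell (function names are hypothetical).

# 0 if the shell path is listed as an exact line in the shells file.
shell_is_registered() {
  grep -qxF -- "$1" "${2:-/etc/shells}" 2>/dev/null
}

# 0 if the path resolves (through any symlink) to an executable regular file.
shell_target_ok() {
  [ -f "$1" ] && [ -x "$1" ]
}

# 0 if the current user can modify the directory holding the shell, i.e. this
# account is not separated from Homebrew maintenance (expected only when the
# script is run as the dedicated maintenance user).
bin_dir_writable() {
  [ -w "$(dirname -- "$1")" ]
}

# 0 if formula $1 appears in the newline-separated list of pinned formulae $2.
formula_pinned() {
  printf '%s\n' "$2" | grep -qxF -- "$1"
}

# Print findings; the return value is the number of findings (0 to 4).
audit_login_shell() {
  a_shell="${1:-/opt/homebrew/bin/bash}"; a_shells="${2:-/etc/shells}"
  a_pinned="${3-}"; a_n=0
  if ! shell_target_ok "$a_shell"; then
    echo "FAIL: $a_shell is missing or a dangling symlink"; a_n=$((a_n+1))
  fi
  if ! shell_is_registered "$a_shell" "$a_shells"; then
    echo "FAIL: $a_shell is not listed in $a_shells"; a_n=$((a_n+1))
  fi
  if bin_dir_writable "$a_shell"; then
    echo "WARN: current user can write to $(dirname -- "$a_shell")"; a_n=$((a_n+1))
  fi
  if ! formula_pinned bash "$a_pinned"; then
    echo "WARN: bash is not pinned"; a_n=$((a_n+1))
  fi
  return "$a_n"
}

# On a machine with Homebrew, audit the real installation.
if command -v brew >/dev/null 2>&1; then
  audit_login_shell /opt/homebrew/bin/bash /etc/shells "$(brew list --pinned)" \
    || echo "$? finding(s)"
fi
```

Run it from the daily-use account: a write warning there means that account can still alter the Homebrew bin directory.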