Arch Linux

8190 readers

35 users here now

The beloved lightweight distro

founded 5 years ago

MODERATORS

k_o_t@lemmy.ml

Safe to use a browser installed from AUR? (lemmy.sdf.org)

submitted 1 day ago by erici@lemmy.sdf.org to c/archlinux@lemmy.ml

10 comments fedilink hide all child comments

I'm thinking about switching to a Firefox fork as a web browser. Apart from Tor, they're all on AUR. I can't use Tor all the time.

Do you consider that a security risk that's worth worrying about? E.g. you could get a dodgy maintainer putting malware in it, as least theoretically.

you are viewing a single comment's thread
view the rest of the comments

[–] erici@lemmy.sdf.org 0 points 1 day ago (1 children)

Yes, that's what I'm referring to. Thanks, I'll try Flathub. Manually reviewing the PKGBUILD is beyong my capabilities.

[–] TauZero@mander.xyz 2 points 1 day ago

For something like a browser, you don't even need to "install" at all. You only need to acquire the standalone/portable executable from the browser developer's official website. For example you get Waterfox from https://www.waterfox.net/download/. If you read the PKGBUILD, even if you can't see through all the potential malicious tricks you'll at least find that that's basically all it claims to do: download a binary from official website and put it somewhere. In this case "installing" means using root permissions to stick it in /usr/bin, so all users on the computer can run it. But since almost all home computers only have a single user, you can skip having to give it (temporary) root access by saving it in your home directory instead. I also run the binary inside its own Firejail so it doesn't even have access to my personal files. You are always trusting someone, be it the Arch maintainers, the AUR contributors, or the independent browser developers, but this way the least number of parties get the least number of permissions.