I have my firewall configured pretty restrictively. I am attempting to configure AppArmor but it seems too complicated.

How do you secure your desktop?

  • drivewayOP
    10 months ago

    Do you categorize AUR packages (if you didn’t verify the PKGBUILD on every update) as untrusted?

    • tty5
      10 months ago

      Yes. AUR package maintainer(s) are additional people who can add malicious code (or someone else can by compromising their account).

    • cyanarchyEnglish
      10 months ago

      I know that almost nobody treats it this way but the number one rule of AUR is that it’s pretty much all untrusted, by definition.

      • drivewayOP
        10 months ago

        Same goes for any unofficial flatpak, right? And that is most of them.

        • tty5
          10 months ago

          In order from the most to the least secure:

          • distro repos: there is a process that is supposed to ensure no malicious changes make it through. Usually far enough behind recent code changes for new issues/code being compromised to be spotted
          • official package outside distro repos if packaging org has secure release workflow
          • building from source / official package on external repo if you know little about packaging org: malicious contributor or a compromised account is enough
          • unofficial package: like building from source, but you have to worry about package maintainer too