• baseless_discourse
    link
    fedilink
    arrow-up
    2
    ·
    7 months ago

    Ideally you would install app directly from the app developer, who you are trusting by using their app; or your distros maintainer, who you are trusting by using their OS.

    The use of AUR and/or unverified flathub app adds an additional person to trust, that is the person packaging these apps. flathub is slightly better as the app is sandboxed, so the damage they can cause is confined.

    Unfortunately, AFAIK, there is no store for sandboxed command line apps, this is one of the reason I like to minimize my command line usage. So that I don’t need app that isn’t packaged by my distro maintainer (like oh-my-zsh) to improve my cli experience.