I actually wanted to ask this question in the “Which privacy browser?” thread, but it’s now closed:
I’d like to take the time to test Brave thoroughly and see if it might be an alternative for me. However, the package is only available either in the AUR or as Flatpak. What would you recommend? Flatpak is installed on my main computer, but it’s not currently in use. I’m concerned about getting something as important as the browser from the AUR. Please enlighten me!
PS: Does Brave support Chromium extensions (password managers)?
Well, yay is already installed in EOS anyway, and I’ve already installed a few packages from the AUR. I just don’t really like the idea of getting a browser from the AUR.
You can look at the PKGBUILD. It looks innocent. It downloads the zip file from Brave’s Github and copy its content to /opt plus copying a .desktop file.
But I understand your choice. So go for the flatpak as it is also official.
One more thing: yay -Sy package is not the good way of installing package.
yay -Syu package is better because it update the system first and it will not be in partial upgrade state.
I’m currently using the aur package. If you decide to use the aur, brave-bin is faster to install and update (for me) than the non-binary package. I like flatpaks but those have to be updated separately with “flatpak update” (minus the quotes) in terminal.
@cactux, thanks for your explanation. I’ll use the Flatpak package, if only because I can then remove it from my computer without leaving any residue if necessary.
I’ve never installed AUR packages without yay -Sy package, but always with yay package.
I have about 5 AUR apps and 5 flatpak apps.
I wanted 10 AUR apps and 0 flatpak apps.
My point is sometimes an AUR -bin, compiled and maintained by someone, worked flawlessly on that 'someone’s computer..not always yours. This is a reality and I can list the apps.
Go AUR first. If that app gets wiggy, get the stabler (in that instance) Flatpak. 2 cents.
Is the irony lost that people, using an Arch Linux based system which is comprised of hundreds of binaries compiled on someone else’s computer and combined by a third party (the distro creators), are worried that a few AUR packages (that are transparently delivered) may in some way compromise their security?
I used your quote as a general jumping off point. Sorry to single you out. I always chuckle when I read these types of discussion threads that raise suspicious eyebrows at AUR delivered software. The AUR is not a software repository and many people confuse it for one.
all good. I agree a lot of trust/suspicion convos are moot before they ever begin. I trust the AUR but unsure how I would categorize it. It is the wild west for sure. Not a repo, per se, but a ‘fan’ curation of software? How would you categorize it ?
I would call the AUR a delivery service or a cookbook. The AUR houses recipes of how to build packages provided by thousands of individual software creators and allows the user to build and install software provided by other parties. Sometimes those recipes are written by the actual software providers, but more commonly, the recipes are contributed by third parties. In the end, the AUR collects software recipes and allows the user to install software from various sources. It is incumbent upon the user to inspect the recipes and determine if the process is kosher (and no, I did not see that pun coming before I wrote it! ).
Yep, a repository of build packages/recipes (if you like that terminology), it doesn’t actually house data/packages in itself. Often GIT and even commercial repositories do.
It is/was really a clever idea I think…and is one of the main draws of Arch.
But it is repository of PKGBUILD files, which are essentially recipes of how to build software packages created and provided by others. I guess an argument can be made for AUR bin packages, but even then, the AUR does not really collect software, only means of building software housed elsewhere.
@Darius, if you don’t want to install Brave from AUR or Flathub, you can download the zip file directly from Brave’s repository in Github. You can verify its sha sum and signature You can extract it and run its binary. This works as well but I think you have to check for updates yourself and repeat the same. But:
For now, it’s only intended for testing Brave. I don’t think I’ll do it on my main computer, but rather on my old Dell Latitude 5490, which I have in my closet specifically for such cases. I’ll probably go with the AUR, since I can’t ruin anything on the old machine. If I actually install and use it on my main computer later, I’ll probably use Flatpak.
).