Install Brave - from the AUR or Flatpak?

swh · March 13, 2025, 6:10pm

I am running brave.bin from AUR as recommended from brave website

For the most part, I use the settings from Kuketz

Darius · March 13, 2025, 6:31pm

thx @swh, I will try this

Bink · March 13, 2025, 10:00pm

I can understand if the reason to avoid the AUR is your preference to sandbox/contain a specific app and its respective files within a Flatpak, as you’ve mentioned.

It may not be necessary to say, but as others have somewhat touched on, there’s nothing inherently wrong with installing a browser from the AUR. Packages within the AUR are structured and installed the same way official packages are installed, using the PKGBUILD standard. This is how 99-100% of the software on any given Arch system is installed.

The hypothetical risk the AUR poses is that a package maintainer does not use official sources within the PKGBUILD, introducing potential for exploitation, whether wilful or unintentional.

If a PKGBUILD is using official sources and is well maintained, then functionally it is little different to an official Arch package, or downloading and installing it yourself.
If a PKGBUILD uses an unofficial source, when an official one is available, a community that’s paying attention will quickly pick up on this, as it’s completely transparent. This would especially be the case for a popular package like brave-bin, which is currently ranked 6th out of 90,240 packages.

Darius · March 13, 2025, 10:16pm

Thanks a lot @Bink, I can understand what you wrote and my concerns about the AUR are no longer valid.

cactux · March 13, 2025, 10:44pm

I have learnt that with any software you need to trust the source. Even if a PKGBUILD in AUR looks good, you need to trust the source that the package is made from.