Running it from Terminal in the directory I can call ./floorp -P and that works as well.
Just as ./floorp --profilemanager
1 Like
Arkenfloorp! Sounds great! You got your own fork now! 
ArkenfloorpâŚsounds cool, eh 
I currently use a WM and I actually use hotkeys to launch my profiles. Maybe this would be better?
Example:
super+F = firefox <- this would be the default profile
super+Shift+F = firefox -P profileName2
super+Alt+F = firefox -P profileName3
2 Likes
Iâll give it a try. That is certainly interesting but I donât know if that works for me. I have only unpacked Floorp and start it from the directory. Actually it works quite well now, the profile manager opens as soon as I start Floorp and I can select a profile.
Nevertheless, Iâll take a closer look at your suggestion.
Many Thanks
Yes and no. For a source package yes. But for a browser, most people will be downloading the binary.
A binary package is much simpler. It basically just has how it is downloaded and installed. All you really need to see is where is the binary coming from. It should always be an official source. Then how/where is it being installed.
That is a different issue and is true(or not) no matter what format you choose. If you donât trust the software itself, it doesnât matter which format you use to install it.
The issue with containerized software is that it isnât only the software that matters, but what else is in the container.
Youâre welcome. Itâs all about whatâs better for you in the end.
This was mainly what I had in mind.
The AUR might be a bit more transparent that something like a flatpak or appimage, but at the end of the day, for the uninitiated user, incapable of reading the source code, no matter what format they will use there is always an element of âblind faithâ involved.
1 Like
But it isnât âapples to applesâ blind faith. In one case we are trusting the software. In another we are trusting the software, the packaging and the packaging of a bunch of loosely related stuff.
The idea that AUR packages are only more transparent if you review the source code is fundamentally silly. It has nothing to do with reading the application source code.
I agree! If blindness could have degrees, one could say that that, without really knowing what the binary is build upon, one needs to have âless blindâ faith when installing from AUR than the other formats.
We need to keep two concepts separated here: transparency and trustworthiness
The transparency of AUR becomes less relevant when at the end, you donât know the code from which the binary is build.
The PKGBUILD shows âhowâ a binary is build, from âwhatâ source and âwhereâ it gets installed in your system. In this regard it is transparent.
But when it comes to âtrustworthinessâ that is where the transparency becomes less relevant.
For the binary build with the transparency of the AUR to be trustworthy, you need to trust the source code. Either you can audit the code yourself or trust others who have done so. If you canât then the element of the âblind faithâ is at play.
The challenge with this is that there is more than one thing to trust.
When considering between different packaging options for the same software, the trustworthiness of the software(and itâs source code) isnât really relevant. There is an equal risk there in all cases.
However, the packaging is what I am worried about trusting in this case. In this situation the AUR packaging is completely transparent. For a binary AUR package, it is also very easy to review.
Now consider a flatpak. Not only is the packaging a bit more complicated, there are actually additional things bundled with it where you need to consider their packaging as well. On top of that, there is no in-band way to review all that like there is with an AUR helper.
That being said, my real concern here is the fundamental idea that because a flatpak/snap/appimage comes from the software developer, it is trustworthy. The reality is that most application developers arenât experts at packaging and security. Even if they have good intentions, it is easy for something problematic to end up on your system and stay there without being noticed. Not many people highly scrutinize the bundled applications inside a flatpak.
Is a flatpak from the developer more trustworthy than a flatpak not from the developer? Absolutely, yes.
Is a flatpak from the developer more trustworthy than an AUR package not from the developer? I would say no.
You make some good and valid points when it comes to the âopaquenessâ of packaging formats like appimage and flatpak. I agree.
But my concern here is something else.
My impression is (or has been) that, oftentimes, when installing packages are discussed, the transparency of the process of building the binary and packaging it âthe AUR wayâ is emphasized in a way as if it could be equaled with trustworthiness.
I would say that this is a misconception.
One could ( I am not saying would) end up running a malicious binary from some malicious source code but build in a perfectly transparent AUR manner.
And I would add that a large majority of GNU plus Linux and FOSS users who are not capable of auditing the codes running on their system must have some degree of âblind faithâ, either in those who have done so or in the developers of the code.
Yes. As it relates to packaging that is true. The packaging of an AUR package is fully transparent.
Installing a package from AUR doesnât make the software itself more trustworthy. But that isnât what people are implying. Those conversations almost always come up when we are comparing packaging formats.
Again, we are conflating two very different things. The trust in the application and the trust in the packaging. Nobody, no matter how savvy, validates the source of every application running on their machine. That isnât practical. Validating the source isnât even relevant to the conversation.
I agree.
No it doesnât.
No it isnât.
Letâs put it differently:
Who would want to run an untrustworthy code on their system packaged in a perfectly transparent way?
I would say that the question of trustworthiness of the code should be, if not of more relevancy, at least of equal relevancy of the trustworthiness and transparency of the packaging.
That is why I asked the question to begin with a bit further above.
With the risk of repeating myself and regardless of who prefers what packaging format, their pros and cons, when it comes to AUR and its transparent packaging, there is a possibility that
Unless one cannot be assured of the trustworthiness of the code using the transparent AUR packaging, some degree of âblind faithâ is at play. As it is for most of us common mortals doing our best to keep at GNU plus Linux, FOSS and what not.
So let us all pray to some digital divinity to keep our systems free from the âMalâ
Unfortunately, probably a lot of people.
But yes, nobody should do that.
Of course it should. But that has nothing to do with choosing between a flatpak/snap/appimage/repo/AUR package.
We should first consider if we should install something. If yes, then we can determine how to install it.
True that.
With time, I have come to put in practice, more and more, the idea of âLess is Moreâ (or translated into the Arch jargon âKeep It Simple Stupidâ).
My most trusted system is build as minimal as possible to just run a terminal, a browser, a file manager and a text editor.
On other more âcasualâ systems, I do run some flatpaks and a couple of appimages in which I have absolute âBlind Faithâ
1 Like
I agree with @dalto, there are pro and cons for every choice, in this specific case I prefer pulling from the AUR, compiling each and every time. It may just be personal bias, but I am not particularly fond of the flatpack technology, and thus limit its use to the bare minimum possible on my system.
However, again, it would be nice to have an appimage versionâŚ