this post was submitted on 29 Dec 2023
32 points (97.1% liked)

Arch Linux

I have my firewall configured pretty restrictively. I am attempting to configure AppArmor but it seems too complicated.

How do you secure your desktop?

[–] Ordoviz@lemmy.ml 10 points 9 months ago (1 children)

Don't blindly run untrusted software, use Bubblewrap at the very least. Keep https://xkcd.com/538/ in mind.

[–] driveway@lemmy.zip 2 points 9 months ago (2 children)

Do you categorize AUR packages (if you didn't verify the PKGBUILD on every update) as untrusted?

[–] tty5@lemmy.world 4 points 9 months ago

Yes. AUR package maintainer(s) are additional people who can add malicious code (or someone else can by compromising their account).

[–] cyanarchy@sh.itjust.works 3 points 9 months ago* (last edited 9 months ago) (1 children)

I know that almost nobody treats it this way but the number one rule of AUR is that it's pretty much all untrusted, by definition.

[–] driveway@lemmy.zip 1 points 9 months ago (1 children)

Same goes for any unofficial flatpak, right? And that is most of them.

[–] tty5@lemmy.world 1 points 9 months ago

In order from the most to the least secure:

  • distro repos: there is a process that is supposed to ensure no malicious changes make it through. Usually far enough behind recent code changes for new issues/code being compromised to be spotted
  • official package outside distro repos if packaging org has secure release workflow
  • building from source / official package on external repo if you know little about packaging org: malicious contributor or a compromised account is enough
  • unofficial package: like building from source, but you have to worry about package maintainer too