Reason 9,584 not to install random .debs from the Internet, *even when you trust the source*:

Brave changed their signing key, breaking app updates. They expect you to manually download, import, and trust a new key from Terminal to fix your system. community.brave.com/t/linux-us

Great for Linux experts. Not so great for literally anyone else. Plus, depending on your OS and how it handles GPG and key errors, it could break automatic updates, regular OS updates, etc.

Follow

Even worse: Brave gets root access to your system every time you install or update their software. They could have used that scary amount of power to fix and avoid this. But they didn't, and it's on users to fix Brave's issues.

· Mastodon Twitter Crossposter · 1 · 2 · 4

Stick to your curated app stores, folks. Or at least sideload using lower risk technologies like snap and Flatpak. And app developers, DO NOT MAKE YOUR USERS PIPE CURL TO SUDO to install your apps. Provide your apps in a sane format.

@cassidyjames @poetgrant “make install” should not be a thing in 2019. Luckily though, it really is rare these days.

@kev @cassidyjames @poetgrant
I'd take "./configure; make; make install" any day over "curl |sudo sh", and in many cases over flatpak et al.
A sane ./configure (or equivalent in other build systems) lets you chose which libraries the package uses, in which directories it installs its files, etc.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!