I’m especially concerned about it being somehow broken, unwieldy, insecure or privacy-invasive.

Case in point; at times I have to rely on a Chromium-based browser if a website decides to misbehave on a Firefox-based browser. Out of the available options I gravitate towards Brave as it seems like the least bad out of the bunch.

Unfortunately, their RPM-package leaves a lot to be desired and has multiple times just been awful to deal with. So much so that I have been using another Chromium-based browser instead that’s available directly from my distro’s repos. But…, I would still switch to Brave in an instant if Brave was found in my distro’s repos. A quick search on repology.org reveals that an up-to-date Brave is packaged in the AUR (unsurprisingly), Manjaro and Homebrew. I don’t feel like changing distros for the sake of a single program, but adding Homebrew to my arsenal of universal package managers doesn’t sound that bad. But, not all universal package managers are created equal, therefore I was interested to know how Homebrew fares compared to the others and if it handles the packaging of the browser without blemishing the capabilities of the browser’s sandbox.

P.S. I expect people to recommend me Distrobox instead. Don’t worry, I have been a staunch user of Distrobox for quite a while now. I have also run Brave through an Arch-distrobox in the past. But due to some concerns I’ve had, I chose to discontinue this. Btw, its Flatpak package ain’t bad either. But unfortunately it’s not official, so I choose to not make use of it for that reason.

  • alt@lemmy.mlOP
    34·
    1 year ago

    You already use an arch container that has access to the AUR, which has literally every package, available on linux.

    Call me paranoid if you will.

    if anything, flatpaks are THE official (universal) packaging format for Linux

    I don’t deny that, I make good use of a ton of flatpaks on my system. I also believe that it’s the best we have. And I would literally switch to Brave as a flatpak if it would satisfy the following:

    • Be official and thus maintained by Brave itself.
    • Not having to forego its own more powerful sandbox due to (hopefully) current restrictions of Flatpak. Yes, you read that correctly; while flatpaks are arguably the safest way to consume most applications, this doesn’t apply to apps that actually have stronger sandboxes which had to be ‘slimmed down’ when packaged as a flatpak. Thus, currently, for maximum protection, one simply can’t rely on flatpaks for their Chromium-based browsers. If you choose to do so and it has worked out for you wonderfully; that’s awesome, I’ve been there and enjoyed the experience as well. But, I can’t justify it for myself any longer.
    • Presi300@lemmy.worldEnglish
      3·
      1 year ago

      I rely on flatpaks for all non-firefox browsers and haven’t had any issues with them, I’ve used the brave flatpaks specifically for almost a year now and no issues…

      • zwekihoyy@lemmy.ml
        31·
        1 year ago

        it’s still factual that flatpaks sandbox is weak by default, especially compared to what chromium provides on its own.

          • alt@lemmy.mlOP
            1·
            1 year ago

            Would you mind elaborating? First time hearing this and a quick search didn’t resolve it.

              • alt@lemmy.mlOP
                1·
                1 year ago

                I am thankful that zypak exists so that Chromium-based browsers and Electron apps don’t have to explicitly flag --no-sandbox to continue functioning. However, it doesn’t undermine the fact that native Chromium’s sandbox is more powerful than Flatpak’s sandbox. As such, if one desires security, then one should gravitate towards the native installed one.

                It lets Chromium use flatpak sub-sandboxes

                Are you sure that’s the case?

                • AProfessional@lemmy.worldEnglish
                  2·
                  1 year ago

                  The sandbox is not weakened meaningfully. It’s in a different namespace, no filesystem, no network, no GPU, seccomp rules still applied.

                  • alt@lemmy.mlOP
                    11·
                    1 year ago

                    Unfortunately, you didn’t -to my knowledge- support nor retract your claim on Chromium using flatpak sub-sandboxes. Therefore, I find it hard to continue taking your words at face value.

                    I have enjoyed these interactions, so don’t get me wrong; but if I (possibly) catch you on spreading misinformation (even if unintentional), then I find it hard to keep engagement up as there’s no guarantee that anything else coming from you is actually correct.

                    I would love to be corrected on this though, so please feel free if I have misunderstood you or anything else that would revive this conversation. If not, then I would still like to thank you from the bottom of my heart for this friendly interaction we’ve had. Take care!

      • alt@lemmy.mlOP
        1·
        1 year ago

        I think I already addressed that point with

        If you choose to do so and it has worked out for you wonderfully; that’s awesome, I’ve been there and enjoyed the experience as well. But, I can’t justify it for myself any longer.

        If you meant something else, then please feel free to correct me.