overdodactyl / ShadowFox

A universal dark theme for Firefox
https://overdodactyl.github.io/ShadowFox/
MIT License
1.32k stars 58 forks source link

Please provide more secure options for installation #324

Closed Friptick closed 4 years ago

Friptick commented 4 years ago

First off, this software looks great and its authors are almost certainly trustworthy.

But really, you are asking users to run a binary on the basis of no audit or oversight except this Github account? How is this different from the proverbial 90s clickhere.exe? As a user why should I trust you?

The source code is available, yes. But installation still requires a compiled blackbox binary file. Personally there is no way I run that unless it is vouched for by the OS (Windows, Ubuntu, whatever). I believe that is the accepted best practice these days.

For Linux is there any prospect of a shell script version, so that at least we can see what it is doing in plaintext?

I would love to user ShadowFox but as of now I cannot justify it. A pity. Thanks for considering.

DrWhoCares commented 4 years ago

Technically, the installer was extracted into a separate repo. https://github.com/SrKomodo/shadowfox-updater/releases So this is likely more of an issue for that repository.

Friptick commented 4 years ago

@DrWhoCares Thanks. Closing.