Please help me with a paranoid question:
I installed LinuxLive from Arch Linux AUR, but as it is managed by the community, I can not 100% be sure, that it is real.
Although PKGBUILD points to the original Ledger GitHub and the checksums appear to be the same
https://aur.archlinux.org/packages/ledger-live-bin/

I uninstalled this AUR build and installed the original AppImage from ledger.com, but the directory ~ / .config / Ledger is left over from the previous installation (and shows my old wallets when starting the new installation).

I updated the firmware to the latest version using this setup (original LedgerLive and questionable .config directory).
Is there anything in “~/.config/Ledger”, that can somehow change the firmware update process, does not flash the original firmware, leaks something, etc.? I have 5 Ledger devices, rely on her and have to be safe, that they are not compromised.
I really need this review.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments