Please help me with a paranoid question:
I installed LinuxLive from Arch Linux AUR, but as it is managed by the community, I can not 100% be sure, that it is real.
Although PKGBUILD points to the original Ledger GitHub and the checksums appear to be the same

I uninstalled this AUR build and installed the original AppImage from, but the directory ~ / .config / Ledger is left over from the previous installation (and shows my old wallets when starting the new installation).

I updated the firmware to the latest version using this setup (original LedgerLive and questionable .config directory).
Is there anything in “~/.config/Ledger”, that can somehow change the firmware update process, does not flash the original firmware, leaks something, etc.? I have 5 Ledger devices, rely on her and have to be safe, that they are not compromised.
I really need this review.

Notify of
Inline Feedbacks
View all comments