On Wed, 2023-11-15 at 09:00 +0100, ralfconn wrote:
> I suppose I'd better use the non-bin version of at least the thunderbird
> and firefox ones, to take advantage of the hardened toolchain features
> for these internet-connected applications. I'm not so sure of
> libreoffice (which I use seldom and only for local documents) and rust.
If you're going to compile Firefox for hardening reasons, you should do
the same with rust, since the former depends on the latter to build.
Regarding libreoffice, I think it depends on where you're sourcing the
documents from. If you never have to open a document from an unknown
or untrusted source, then it might not matter.