by jxcl 2645 days ago
My concern isn't that I don't trust Keybase to not be malicious, it's that I don't trust their packaging to not conflict with other packages. Debian has a very strict packaging process and it effectively guarantees a stable system, but installing packages that don't follow the standards that their packagers have could cause problems on upgrades.

I don't know enough about Linux to verify that the Keybase package does everything right; I delegate that to the Debian packagers and don't install anything as root unless it's from the Debian package repositories. Any software that I need that isn't in the distro is installed to a folder inside my home folder, where it might conflict with other custom installed software, but at least it won't break the entire system.

1 comments

I believe if you do dpkg --contents keybase.deb (or whatever it's called) it will list out what files are in a Debian file. You should be able to see if they're including their own that conflict with the rest of the OS, but also if a package is going to mess with a file the OS installed, my experience has been that the package manager will warn you of this or not allow it, but I can't remember off the top of my head. Sane use of dependencies on Debian means depending on the specific dependency from that specific version of Debian.

I've built my own Debian packages at work, but I'm not a total guru yet. I've never run into issues with Keybase yet on Linux, but honestly you could always open up a GitHub issue with your concerns to find out.

Edit:

Best I can tell from their GitHub they install Keybase to /opt/keybase specifically, or at least the main stuff, which is what third-party packages usually do.
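
The check suggested in the comment above, as an added example that is not part of the original thread or of Keybase's packaging: it lists a .deb's files and reports any path that an installed package already owns. The function names and the script name check-deb.sh are hypothetical; it assumes a Debian system with dpkg-deb and dpkg-query available.

```shell
#!/bin/sh
# Added example. Usage: sh check-deb.sh ./keybase.deb

# Convert a `dpkg --contents` listing on stdin (tar -tv style) to absolute paths.
# Constructed sample line:
#   -rwxr-xr-x root/root 12345 2019-01-01 12:00 ./opt/keybase/example
# Directories are skipped: packages legitimately share them.
deb_paths() {
    while read -r mode _owner _size _date _time path; do
        case "$mode" in d*) continue ;; esac
        path=${path%% -> *}        # symlink: keep the link name, drop the target
        path=${path%% link to *}   # hard link: same
        path=${path#.}             # "./opt/x" -> "/opt/x"
        if [ -n "$path" ]; then printf '%s\n' "$path"; fi
    done
}

# Print the installed package that owns a path, or nothing if it is unowned.
# dpkg-query -S prints "pkg[:arch]: /path".
owner_of() {
    dpkg-query -S "$1" 2>/dev/null | sed 's/: .*//' | head -n 1
}

# Read paths on stdin and report those owned by a package other than $1.
# Returns 1 when at least one such path exists.
find_conflicts() {
    pkg=$1
    rc=0
    while read -r p; do
        o=$(owner_of "$p")
        case "$o" in
            ''|"$pkg"|"$pkg":*) ;;   # unowned, or an upgrade of the same package
            *) printf '%s owned by %s\n' "$p" "$o"; rc=1 ;;
        esac
    done
    return "$rc"
}

if [ "$#" -ge 1 ]; then
    name=$(dpkg-deb -f "$1" Package)
    dpkg-deb --contents "$1" | deb_paths | find_conflicts "$name"
fi
```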