Which is a safe way to record Firefox passwords in Gnome Seahorse Keyring?

Question

Here is a question that I asked on "AskUbuntu" and I've been suggested to ask it here:

Searching for answers about ways to record Firefox passwords in Gnome Seahorse Keyring vault,
I found severals possibilities:

1. Firefox Gnome Keyring firefox addon
   _{from https://github.com/ in this answer and this answer}

2. Gnome keyring password integration firefox addon
   _{from https://addons.mozilla.org/en-US in this question}

3. Integration con Gnome Keyring firefox addon
   _{from https://addons.mozilla.org/fr
   seems to be the Spanish version of the previous bullet on the French server (humm weird)}

4. add this PPA in https://launchpad.net and install package called "mozilla-gnome-keyring"
   _{from this bugzilla}

But now how can I know which solution is safe ?

Reading this answer, I understand that browser add-ons can easily be hacked,
so I bet that the 3 first solutions are not safe.
What about the solution with PPA in https://launchpad.net ?

Answer 1

The first one is open source, so anyone could look for backdoors in it -- including you. Of course, it's hard to say if it's actually safe without verifying it for yourself, but it's at least safer than the other two, where the source code is a secret. There's some evidence that other people are reviewing this code, and there's only a couple files, so in practice, I think this code is likely safe, but it really depends on your level of paranoia.

The PPA just has pre-built packages of the first addon. PPA's are not reviewed by Canonical, so you shouldn't assume that they're safe. You should only trust them as much as you trust the author (assuming you have some way of verifying the author is who they claim they are).

In other words:

• The first one is the safest, but it's hard to say how safe it is without reading the source code yourself.
• The PPA is only safe if you trust the source code and the author of the PPA.