If you want to solve security, portability, and distribution in proper way, you will end with something similar.
Security: Snaps run in a sandbox by default and have proper support for system permissions. They are installed in the user home directory. There is a central store that allows for reporting and regularly performs security scanning.
Portability: Snaps work on most distros. They allow a build-once, distribute-everywhere model. You no longer need to build multiple packages for every package manager in the universe. They make building software for Linux easy[1]. I remember doing rpm-to-deb conversion, installing from source and running stuff in a VM/docker.
Distribution: Most distros do not accept proprietary apps. Most importantly, you are no longer at the mercy of distro maintainers deciding when you can release your own software. Because your snaps are portable, your users will get updates even if they are on an older distro. Hopefully no more PPA hell that can brick your system.
The sandbox doesn't work on any distros that aren't using the latest AppArmor, such as Fedora and derivatives.
Flatpak tries to solve the same problem at least for desktop apps, but with a few key differences:
- The sandbox is implemented entirely using user namespaces, not using Apparmor or Selinux, hence works on basically any modern distro.
- The user remains firmly in the driver's seat in terms of when applications get updated. Yes, you can enable automatic updates, but unlike with snaps, you can also opt out.
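The comment above says Flatpak's sandbox is built on user namespaces rather than AppArmor or SELinux. The added example below (mine, not code from Flatpak, Snap, or anyone in this thread) shows the core property that makes that work: a process can become "root" inside a new user namespace, but the kernel maps that identity back to the caller's unprivileged uid through `/proc/<pid>/uid_map`, so it gains nothing over the host. It assumes a Linux host; whether unprivileged user namespaces are allowed at all is a distro/kernel setting, so `root_inside_userns()` reports -1 rather than failing when the kernel refuses. The `uid_map` lines fed to `uid_map_translate()` are constructed sample data in the real kernel format.

```c
/* Added example: identity mapping in a user-namespace sandbox.
 * Not Flatpak's or Snap's code; assumes Linux. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <sched.h>

/* Declared explicitly so the block compiles whether or not _GNU_SOURCE
 * was in effect when <sched.h> was included; the prototype matches glibc. */
int unshare(int flags);
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000   /* value from the Linux uapi headers */
#endif

/* Translate an inside uid to the outside uid using uid_map text
 * ("inside_start outside_start count" per line). Returns -1 if unmapped,
 * which the kernel would present as the overflow uid (nobody). */
long uid_map_translate(const char *map, long inside)
{
    const char *p = map;
    while (p && *p) {
        long in, out, cnt;
        int n = 0;
        if (sscanf(p, "%ld %ld %ld%n", &in, &out, &cnt, &n) == 3 && n > 0 &&
            inside >= in && inside < in + cnt)
            return out + (inside - in);
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

static int write_file(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t w = write(fd, text, strlen(text));
    close(fd);
    return w == (ssize_t)strlen(text) ? 0 : -1;
}

/* Fork a child that enters a fresh user namespace and maps its real uid to 0.
 * Returns the uid the child sees inside (0 when the mapping took effect), or
 * -1 if the kernel refuses unprivileged user namespaces, e.g. on hosts that
 * disable them via sysctl or inside a restricted container. */
int root_inside_userns(void)
{
    unsigned real_uid = (unsigned)getuid();
    unsigned real_gid = (unsigned)getgid();
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char buf[64];
        if (unshare(CLONE_NEWUSER) != 0) _exit(100);
        /* Unprivileged callers must deny setgroups before writing gid_map. */
        write_file("/proc/self/setgroups", "deny");
        snprintf(buf, sizeof buf, "0 %u 1\n", real_uid);
        if (write_file("/proc/self/uid_map", buf) != 0) _exit(101);
        snprintf(buf, sizeof buf, "0 %u 1\n", real_gid);
        if (write_file("/proc/self/gid_map", buf) != 0) _exit(102);
        /* Inside: uid 0. Outside, every file it creates is owned by real_uid. */
        _exit((int)getuid());
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    int code = WEXITSTATUS(status);
    return code >= 100 ? -1 : code;
}

int main(void)
{
    /* Constructed sample: a typical unprivileged single-uid mapping. */
    const char *sample = "0 1000 1\n";
    printf("inside uid 0 -> outside uid %ld\n", uid_map_translate(sample, 0));
    int r = root_inside_userns();
    if (r < 0)
        printf("unprivileged user namespaces unavailable on this host\n");
    else
        printf("child saw uid %d inside its namespace (real uid %u)\n", r, (unsigned)getuid());
    return 0;
}
```

The second mapping form in the test, `0 100000 65536`, is what a container runtime typically writes: 65536 inside ids are shifted onto a dedicated host range, so even a full in-sandbox "root" with many users never overlaps a real host account. The portability point in the thread is the `-1` path: no AppArmor profiles are needed, but the kernel must permit unprivileged user namespaces.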
I've written this comment several times, but it basically spams your system folders, mounts, daemons, and more. Integration is clumsy and poor. It doesn't give much ability to configure it either. Canonical just doesn't have the human-engineering chops/resources to polish all the rough edges. Sorta reminds me of docker, good ideas, middle-brow execution.
Add in poor startup performance, and I removed it. Replaced Chromium snap with a PPA, which was faster and 10x less intrusive.
It's been a while since I evaluated them all since I'm a Nix user so my portability needs are met already, and it seems like the sandboxing stuff is still getting worked out, but my impression the last time I looked was that Flatpak was better thought out.
The mountpoints thing seems very minor and cosmetic to me, though.
I guess it sucks to be surprised by something that's only kind of okay.
Just gave Snap another try last night and I was astonished at the slowness (both for package installation and program startup times).
Can't really think of a single thing about the experience that I liked, and it even seemed bad compared to other container systems, like Docker and Flatpak.
[1] https://www.electronjs.org/docs/latest/tutorial/snapcraft