by aj3 1687 days ago
From the security perspective both snaps and flatpaks are preferable to deb/rpm for browsers, email clients, office suite, document viewers and other stuff that is used to parse untrusted data often (due to [wip] sandboxing and auto update).

Snap packages are better maintained (more often with direct involvement of the app developer) and generally receive updates a bit earlier than flatpak. In both cases you need to pay attention to who the app maintainer is, and I'd argue that in the case of unknown maintainers deb/rpm packages are a safer choice.

1 comments

> From the security perspective both snaps and flatpaks are preferable to deb/rpm

Most of the packages still have access to the home directory of the running user, right? The sandboxing almost always seems either configured to be as lax as possible or so strict that it causes issues. For most desktop Linux users, if an app has access to their home directory and network access then it already has 99% of interesting things.

Snaps have only limited access to your home directory and you can turn it off as a user. They don't have access to hidden folders in your home directory, for example, so they can't access your ssh keys, config and keychain.

Flatpaks are more of an "all-or-nothing" approach. Either the app is in a tight sandbox and uses portals to access things like the camera, or it has almost complete access to your OS. Since portals are a new API which requires an app rewrite, most Flatpaks are not sandboxed.
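
Added example (not part of any comment in this thread): a way to check the home-directory and network question raised above for a given Flatpak, by parsing the metadata keyfile that `flatpak info --show-metadata <app-id>` prints. The two sample apps, the function name `audit` and the verdict labels are constructed for illustration.

```python
import configparser

# Constructed sample metadata; on a real system this text comes from
# `flatpak info --show-metadata <app-id>`.
LAX_APP = """[Application]
name=org.example.Editor

[Context]
shared=network;ipc;
filesystems=home;xdg-download;
"""

PORTAL_APP = """[Application]
name=org.example.Viewer

[Context]
shared=ipc;
filesystems=!home;xdg-download:ro;
"""

# Grants that expose the whole home directory, dotfiles included.
BROAD_FS = {"host", "home"}

def audit(metadata_text):
    """Report whether a Flatpak has home-directory and network access."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case as written
    cp.read_string(metadata_text)
    ctx = cp["Context"] if cp.has_section("Context") else {}

    def values(key):
        return [v for v in ctx.get(key, "").split(";") if v]

    broad = []
    for entry in values("filesystems"):
        if entry.startswith("!"):          # "!home" revokes a grant
            continue
        name = entry.partition(":")[0]     # drop :ro / :rw / :create suffix
        if name in BROAD_FS:
            broad.append(entry)
    network = "network" in values("shared")
    verdict = ("home+network" if broad and network
               else "home-only" if broad else "no-home")
    return {"home_grants": broad, "network": network, "verdict": verdict}

if __name__ == "__main__":
    for sample in (LAX_APP, PORTAL_APP):
        print(audit(sample))
```

Narrower grants such as `xdg-download` are deliberately not flagged; only `home` and `host` are treated as full home-directory access here.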