I'm not claiming packagers catch more bugs than users. When you get the software directly from the developer, then who will test it for bugs? only the user. On the other hand with traditional packaging not only the users test it, but also distro packagers. Remember Linus's law? "given enough eyeballs, all bugs are shallow".

Honestly, this is the first time I'm hearing downstream patches may cause bugs that don't exist in upstream. And even if this is true you really seem to overblow the issue. Can you give at least some examples please? Personally, I know that if there's a bug in a package that doesn't exist upstream, it's most likely because the package is an older version.
Even in Debian, which probably has the most downstream patches in its packages (which some of them do get upstreamed eventually btw), it's not like most of them even cause a noticeable difference in the app behavior.

I have bad news for you if you’re a fan of Flatpaks, buddy.

I made a different experience. On Flathub I never received any hint to lower permission requirements. Neither I did notice anyone checking my app for changes after initial verification. With snaps on the other hand my apps are continuously verified manually which I get notified about after a new build and they automatically notify me about outdated dependencies in my apps. Flathub doesn't seem to care at all about deprecated dependencies which is why a lot of apps probably contain known security issues inside.

That makes me prefer the way snap utilizes the .deb packages from the Ubuntu repository for most dependencies much more than runtimes and extensions for flatpaks. Because while developers might arrange custom runtimes and extensions to update their apps dependencies more easily, most people don't.

I've also made the experience with a flatpak from me, where I restricted the permission requirements to not be marked as "unsafe" on the Flathub page, that a user wasn't able to use it as intended anymore without manually adjusting permissions. The permission systems for both flatpaks and snaps are still horrible in my opinion because you either have to much access or too little - especially when it comes to filesystem access.

So from my point of view both systems are still extremely annoying and I still prefer native packages quite a lot, no matter the distro or implementation (.deb, .rpm or PKGBUILD).

It's an automated test that every flatpak has to pass before the build. You can get an exception, but you have to request it and explain why the permission is needed.

I doubt security in this context is the main benefit, but in another. Distributions - and especially Debian is known to do so - can enforce sensible best practices. E.g. they will force the app to have its configuration in /etc, not just some stupid location deep inside /var or /usr nobody usually checks. Also, they can force an app to put dependencies into packages (if there are any that aren't yet). The latter enables security patches by just patching the dependency. The first one isn't relevant with flatpaks, only with snaps, as Flatpak is pretty much useless on a server with mostly CLI usage. With snap and flatpak it's up to you if you include dependencies into your monolithic software.

But Flatpak does have one big advantage, security wise but also trust wise - snap does too, but to a lesser degree. Flatpaks are containerized, they can't access the system - e.g. not replace other programs, like MS (I think) was caught a few years back with their deb repo - and you can very easily manage permissions with Flatseal. E.g. WPS Office sometimes has best MS Office file support, yet I'd never let some shady chinese Office run wild on my system. With the Flatpak version, I just remove internet access and be done with it.

Good for you that you never hit it. A manifest of every flatpak goes through a fairly thorough automated checks before every build and if the criteria is not met, the build is blocked. Also I do receive notifications about outdated dependencies or even pull requests from Flathub community.

[citation needed]

To be fair, they have one point for them, snaps can be used on servers and there is the possibility of auto updates - although enforced. If Flatpaks would open up to services and what not, it might be a viable use case for some edge case software otherwise not available through repos (or maybe only through the likes of AUR, but who's insane enough to run Arch on a server). Right now you can only use snap, which is just bad. Also the containerization of Flatpak might be a good alternative to docker containers if you don't want to containerize everything but only a few apps.

"Manifest permissions" for the filesystem are considered a necessary evil for breaking the chicken-and-egg dilemma of growing an ecosystem and the plan is to treat them as deprecated and encourage packagers to not use them as more portals are developed for various niches currently unsatisfied, such as needing to access the sibling .bin/.ogg/whatever when you open a .cue or needing access to everything under ~/src/foo when you open ~/src/foo/foo.ide_project.

The network permissions are a single on/off toggle because they're still trying to find/advocate for a solution for doing it in a more granular way that doesn't require running flatpak run <appID> as root.

The "grant all under /dev" permission is a proxy for "we're still trying to work around libudev considering the API that, architecturally, must straddle the host/sandbox boundary (if we want working input device hotplug detection) to be internal and unstable. (Their plan to work around that is to make a USB device portal so libudev can be fully on the host side, and then add support for it to SDL and other gamepad-using things.)

Continued uptake of Pipewire will solve needing "grant all under /dev"​ for webcams.

etc. etc. etc.

TL;DR: Odds are, they don't like it either and are being held back by API limitations lower in the stack that they're still trying to negotiate solutions to.

1. You can use Flatpak for containerized non-desktop stuff... it's just not something they promote as a use-case they want to optimize for. (eg. Some CLI tools for flatpak package maintainers, such as org.freedesktop.appstream-glib are distributed through Flatpak... they just only show up in flatpak search, not the Flathub web UI.)
2. If you don't need containerization (i.e. If you want an equivalent to unconstrained snaps), that's what OSTree via something like rpm-ostree is for. Flatpak is OSTree plus containerization and XDG Portals.