Yes, I know about this, which is why I disagree with the statement that "a packager will never be smarter than the developer" that was mentioned earlier. A developer may know his own app better than the packager, but that doesn't necessarily mean he knows or cares about the best practices.

Yes, of course I know about containerisation / sandboxing, but as you can see from the other comments, it's still subpar in both SNAP and Flatpak for various reasons. For example, some apps need to have lax permissions, because otherwise they won't work properly. I know that at least Flatpak strives to use portals as much as possible instead of raw filesystem access, but AFAIK, at this stage not all apps are able to utilise them. Maybe in the far future all Flatpak apps will finally be adapted to use portals. Also, instead of the current state of permission management, it needs a dynamic permission system, similar to what Android already has.

Still you aren't running anything as root. With the traditional distribution methods, the package manager runs as root, and at least in .deb packages, probably in others too, you can have all sorts of scripts running at install time. With distro packages you can be quite sure that they are safe, but lots of stuff can only be installed from third parties. With them trust isn't always given, hence the example. So whatever script would be put into a flatpak, it can only run with the permissions of the Flatpak, never with root permissions (sure, you can run/install Flatpaks and probably AppImages and Snaps as root, but the point is that you usually don't, they are primarily designed to be installed only user wide, not system wide).

Flatpaks are the same age as snaps (a decade old!) and have almost all of the same issues that snaps have. The only area Flatpaks are better are speed (and they’re still slower than standard packages, sometimes by a lot) and slightly better permission control.

Red Hat has just managed to brainwash people into saying that Ubuntu is a bad company while RH are the magical saviors of Linux, so anything Ubuntu is bad and anything RH does is good.

Tell me when Flatpaks are stable (don’t introduce bugs) and are also ACTUALLY sandboxed, since 95% of applications distributed as Flatpaks break out of the sandbox by default because of point 1: bugs.

Hmm. Do you think that packagers test their packages like release managers do? I know enough packages which are broken because they use a different library version.

That may be true for distributions that don't give a damn about stability like Arch. Everybody else would have already dumped that package.

Exactly. And I'd say Debian cares about this more than any other distro.

Well, I can't talk for things like RHEL, any of the CentOS successors like Alma Linux, or OpenSuse, but they are at least one of the distros with the biggest focus on doing things the proper way instead of the easy way.

Yeah, I was just thinking about regular user distros. Idk how things are in RHEL / CentOS / Alma Linux and other such distros. Regarding OpenSUSE, I'm not sure if they give such amount of attention to package stability like Debian (at least in regards to Tumbleweed, since it's a rolling release), but they certainly do a much better job than Arch. Unlike Arch, I've never heard about Tumbleweed needing manual intervention after updates (unless you have proprietary drivers) and if there is a broken package found, it should get fixed pretty quickly. OpenQA of course helps them a lot.

Flatpak people realise the limitations of Flatpaks and have spent time trying to come up with future proof solutions (e.g. portals). Which, yes has taken a long time and imho too long, but at least they recognise it.

The only performance overhead of Flatpaks is the time to setup the namespaces (near instant, systemd is already doing it anyway) and that the Flatpak won't be able to use the fs cache of shared libraries that were used to boot your machine, but they can use the shared cache of other flatpaks with the same library version combination.

There's no extraction, no mounting of anything, no decompression (other than that of your filesystem).