I've been using Linux casually for about a year and recently switched to Ubuntu from Mint a couple of months ago. I've started to learn more about how Linux operates beyond the basics. I'm curious about the differences in security between Flatpak, Snap, and Deb packages. Why do some people dislike Snap? Why is Flatpak often preferred? And I've also heard my LLM suggest that Deb packages might be insecure. Can someone break these down for me?
1 Answer
Comparing the security of Flatpak, Snap, and Deb packages is interesting because it involves how these systems handle application interactions. Traditional operating systems have a user-oriented security model, which means when you log in, your environment is set up for your user account. That design has been increasingly seen as inadequate for privacy, especially with today's smaller, less trusted developers. Mobile OSes (like iOS and Android) shift this to an app-centric model where each app has specific permissions and can't interact with each other's data. Therefore, when you hear that Deb packages are less secure, it means that they don't isolate applications effectively. If one app is compromised, it could potentially access data from others. Flatpak and Snap aim to improve this by creating profiles that restrict what applications can access, but this isn't always consistently implemented. Snap gets some hate because it’s tied to Canonical's software source, limiting where you can get apps compared to Flatpak.
Thanks for that explanation! So when you're talking about 'isolation,' you mean like sandboxing? Why aren't Deb packages designed to be sandboxed too? Do they have some advantages that make them better for enterprises?