Flathub is not as spartan as you think it is, but it certainly isn’t perfect. App developers still have to submit their software to moderators who have written guidelines to adhere to and there is a verification and trust system built in place.
Also all app developers have to stay reasonably up-to-date to shared flatpak runtimes that are controlled by the flathub maintainers and receive security updates.
I think both OS package managers and flatpak can co-exist, especially considering how flatpak was the staging ground for the new portals system and a permissions model akin to what android has had for years.
flathub stays winning
I for one love having to rely on dozens or hundreds of independent developers for security updates, unmaintained notifications, and code audit.
So much better than subscribing to one mailing list and running one regular update operation that removed deprecated software.
Flathub is not as spartan as you think it is, but it certainly isn’t perfect. App developers still have to submit their software to moderators who have written guidelines to adhere to and there is a verification and trust system built in place.
Also all app developers have to stay reasonably up-to-date to shared flatpak runtimes that are controlled by the flathub maintainers and receive security updates.
I think both OS package managers and flatpak can co-exist, especially considering how flatpak was the staging ground for the new portals system and a permissions model akin to what android has had for years.
afaik you can support flatpak while not being on flathub, there are flatpak files
Until someone figures out how to break out of the sandbox