TGRush, I appreciate your enthusiasm, but it would be helpful if you did not post your thoughts several times in a row. This is not telegram. It is perfectly fine to edit a further thought into a post.
This is a worthwhile debate - as many users have questions. Though we seem to have hijacked your own thread with it...
It can split off, if you like.
Perhaps so, but I do not consider repetitive trust-breaking a mistake. That's a warning to stay away. It is true for significant others...
Your demonstration does not meet relevance as it is One Application, not set up as my example showed.
To me, this only begs the question of "why press on"?
We have a working, stable, and system-compatible APT.
The myth is that Flatpak offers distro agnostic and Highest Version with Best security. As already demonstrated in this thread, this is not really true.
The advantage is that Flatpaks carry all dependencies with it. But it fails at this sometimes, too.
And I do not see that as advantageous - but as Bloat. Microsoft operates the same way and it is one Standardized system with no distros.
You can check in ~/.local/share/flatpak/overrides
By necessity:
https://docs.flatpak.org/en/latest/sandbox-permissions.html
User experiences:
http://transit.iut2.upmf-grenoble.fr/doc/flatpak/flatpak-docs.html
By using the Flatseal; this is demonstrable:
Flatpak developers response to the very same example I gave above:
I partially agree with this. Some directories, like
~/.local/share/flatpak/overrides, are blocked. Even if they have home or host access, they will still need explicit permissions to get read-write access to the blocked directories. Doing this with.bashrc,.zshrcand other shell configuration files would be very useful from a security standpoint to prevent sandbox escape.
However, developers are aware of this problem and are working on it; they have introduced portals.
It's very difficult to claim otherwise, actually. Especially as even the FP Developer addressed it as something to be addressed and worked on.