The author's main point seems to be that flatpak will never be a replacement, on my Linux Mint system, for things like dpkg, apt, synaptic, the Linux Software Manager, or official debian, Ubuntu, and Mint repositories. But I think it wasn't quite meant to be that?
The article misses what flatpak does well. Sure, many developers might choose to offer their programs with less than ideally secure default settings. But that some developers are not, by default, using the full security that is available under flatpak, is not a very good argument for giving those *very same* developers complete unfettered access to your system with downloadable executables, including those which may have been packaged with mojosetup. With flakpak, you can at least install flatseal and easily manage those permissions. This author's preferred alternative is not really any useful alternative at all.
And he has also misrepresented security concerns around access permissions here. He complains about the permissions which show "in the Software app on a fresh install of Fedora 34", but seems to have not noticed that those are not the permissions with which GIMP actually installs from flathub. The GIMP in flathub has very secure permission defaults. It has file access only to it's own configuration directory, a directory for Gtk configurations, /tmp, and gvfs directories which allow it to create it's own virtual filesystem. He seems to imply that nearly ALL apps in the snap store can access all personal files and system resources. While I doubt whether this is true of snap, I don't really care about snap. But I know that it isn't true of flatpak. And so why then, isn't the title of the article "Snap is Not the Answer?" Or why didn't he at least check some of the most popular flatpaks on flathub like Firefox, Spotify, GIMP, Discord, and Steam? All of which seem well locked down.
In any case, sandboxing is a huge security benefit. Lax permissions lose some (but not most) of the potential benefits of sandboxing. But far and away the most common real world security threat on linux is people just randomly downloading and running things (often with root permissions) from questionable sources on the internet. And this guy pretty much wants that to be the default for 3rd party software installation.
And his proposed solutions for things all seem to invariably make things less secure and more complicated. He seriously want every developer to have to rewrite their code to make it compatible with flatpaks? And then says this:
Maybe......because that is much simpler and much more convenient for both users and developers? Why on earth should an application's code have to be changed for a packaging and containerization system to work?Fedora is auto-converting all of their rpm apps to Flatpak. In order for this to work, they need the Flatpak permission system and Flatpak in general to require no app changes whatsoever.
Why on Earth would they do a mass automatic conversion of apps?
The flatpak portal system is working. It's why programs like Firefox, Gimp, etc., *can* run today with locked down default permissions. And there's no reason such a system couldn't eventually work also for programs like Excel and Photoshop. And while he may trust Microsoft and Adobe enough to want to allow them unfettered access to his system, I wouldn't. Even if such programs were available, I don't think I'd be tempted unless it was as a flatpak. And I don't see these companies being tempted to release Linux versions of their software either, if they have to rewrite these applications for either every platform, or every packaging system.
Ultimately, this article reads as though it was written by someone who doesn't understand the permissions based security system which has long made linux and other unix variants more secure than Windows. Sandboxing is in a way only a further extension of that kind of model. Moreover, he doesn't seem to understand how most free open source development works, either. Refusing to use flatpaks, even for what they are good at, is not by any means going to encourage any improvements. Nor is insisting on using only GTK 3 going to encourage the better development of more modern toolkits.
The one legit major downside I see with flatpaks is that the packages are big. Installing one might require 2G. Installing ten, more like 4G-5G. So I think best for now to limit it to things that need sandboxing, things which connect to the internet, and third party packages which are not available in Debian, Ubuntu, or Mint repositories (and some of which might not be available at all if it weren't for flatpaks). But who knows what future improvements will bring.