Flatpak vs snap vs normal

I’m trying to understand what the practical differences between these methods are… I understand that flatpak and snap are appVM-based installations, but like in general… why would I prefer flat over snap? Or either of them over normal installation?
Any security aspects maybe?
I’m like at an intersection with 3 roads that lead to the same destination, but I have zero knowledge about traffic or whatever.

1 Like

You can read this:

3 Likes

From the document above

Kicksecure users are free to install their favorite software packages, but should be aware that additional software increases the attack surface of the platform

As a guideline, it would be good to consider this true for any installation that doesn’t follow Qubes recommendations, i.e., “apt” and “dnf” installs from the respective Debian and Fedora repositories. For me, if I need to use a non-normal installation procedure, like Snap or Flatpak or an individual program file, I create a separate Qube to isolate it for that purpose.

2 Likes

Thanks, I’ll read this!

1 Like

There are multiple differences between normal and other package management methods in the context of Qubes OS:

  1. With all non-default packaging systems you will need to handle updates yourself, which is also the greatest security risk.
    • This doesn’t really apply if you are capable of integrating whatever packaging system you want to use into the Qubes update system.
  2. It is not recommended to use non-standard package sources in trusted templates since it will expose them to the internet, see here.
  3. If you are going to keep your templates clean and install software in the qubes (for instance, using flatpak install --user), it will be extremely inefficient storage-wise, because you will need to install the same software in multiple qubes.
    • This may be possible to solve using deduplication, but I never tested it.
    • This technique may be used to avoid exposing data to untrusted software, even if the template of two qubes is the same.

Feel free to add more information or prove any of my points wrong. I am not particularly experienced with qubes.

1 Like