IMO Flatpak is the best of them all. I don’t want to bother with repo packages that have complete and unnecessary access to my system. Flatpak neatly installs an app and isolates it, and if I no longer want it I can just easily click “Uninstall” on my Settings app without it leaving a mess or any trace behind, unlike repo packages that manage to screw something as simple as uninstalling itself.
All of the points of the previous comment are actually valid. Plus, immutable distros are much safer and easier to tinker with than traditional mutable distros. For example, an extremely specialized Arch setup would be much more stable and easier to jumpstart if it was a personalized Universal Blue image, even all your Flatpaks can be declared and installed at setup.
On much more recent driver versions Wayland support has been further improved. I suggest going with Fedora Silverblue since RPM Fusion is pretty quick to roll out new driver versions.
Well, no matter how I trust my photo editing app, it has no business accessing my thesis documents. Proper filesystem sandboxing does security properly.
The file picker API is there to allow apps to access and save files with the user’s consent, while bot having any filesystem access. So a properly sandboxed app would be able to open, edit, and save files wherever the user wants, while not having access to any other irrelevant files, such as your .bashrc or memes folder.
This could well be an advanced video editor or an office suite if they take full advantage of the portals API without losing any functionality. Well, they can have the network permission, it would still be safe anyway.
With a bit of modifying code to use the color picker and maybe rearranging the workflow to adapt to the new system, apps as advanced as DaVinci Resolve and LibreOffice can have permissions as restrictive as this (the network permission would of course may be needed but it would still be marked as Safe by Flathub).
You can use the file picker API to open the files or folders your app would need to access while having no filesystem permissions at all. You can access the camera, microphone, and GPS without the user devices portal, by simply using the respective portals where the user has the power to allow or deny access to such devices as they wish.
You can record the screen, take a screenshot, and pick a color in the screen by simply calling the proper portals, with the bonus that the user will be able to select if they want the entire screen, a specific window, or a specific area to be recorded/captured and whether the cursor should be shown or not.
Heck, even TeamViewer can be as this restricted without losing any functionality if they use the Screen Cast portal which allows apps to mirror input from a remote device! They would of course need the network permission, but that’s still safe.
There’s Obfuscate, an image redactor, and Metadata Cleaner which is self-descriptive. Both works properly without any filesystem access at all, because they use the file picker portal to ask the user for the files to be processed.