I run Debian 13 Stable with KDE Plasma, and have Flathub enabled on KDE’s Discover software store. I have a slight idea of the difference between the two: that Debian packages share system libraries and are therefore lighter in storage but do require a password to access those shared libraries and could therefore become a security hazard if installing from an untrusted source, while Flatpaks have all they need and don’t require a password to install, being more secure that way, but, as a consequence, consume more storage. Also noticeable is the fact that, for some programmes, the Flatpak version tends to be more recent and it therefore becomes the obvious choice when looking for the latest software.
However, I was looking at the SuperTux game, and what’s curious about this is that both the Debian package and the Flatpak are version 0.6.3, while consuming 6.7 and 259,9 MB of storage respectively.
So should the obvious choice here be the Debian package, or would you still go for the Flatpak? I am not asking this because I’m particularly interested in this game as much as to learn more about the two system packages and whether my assumptions are correct or I am missing something.
Thank you and have a nice weekend!
I’d go with the Debian package. That’s tied into the system. You get nice updates, there’s more eyes on what the upstream developers do, sometimes the Debian maintainers disable things like tracking, fix vulnerabilities in libraries. It’s smaller, less permission issues… It’s just safer and more convenient…
I’ll go for Flatpak once there’s some benefit. For example the sandboxing which is great to have for proprietary software. Or if the package isn’t available in the Debian repositories, and the alternative would be some third-party repo or deb file downloaded from a random website. And in rare cases when I need a specific version and the Debian maintainers are stuck with an old release.
The gist is probably:
- If you just want it to work: grab it from Debian’s own repos.
- If you desire sandboxing with both its positives and (potential) negatives: grab it as a flatpak
- If you desire a more up-to-date package: grab it as a flatpak
I agree here. I also want to add, it depends on who maintains the Flatpak too. It’s not always the official developers.
I’m not sure you need a password to access the shared libraries. Then basically all programs would need a password to run.
Personally I don’t like flatpaks because of the duplication of libraries. But you should do whatever you feel like. Both have merit.
Of course it would require a password, you’re putting something into your system after all. Arguably, Flatpak has some layers between it and your inner system.
What do you mean your distro’s repo is an untrusted source? Did you do something funny to it?
I would go with Debian package but for me the primary consideration is how much I care about having the latest version of given software. Often I don’t really care that much. Although it needs to be said that I’m on Debian testing.
On Debian I would choose Flatpak because it will be generally much more up-to-date than native packages (which becomes even further true the longer through the release cycle we are).
Stable package > back port package > flatpak/snap.
Basically I want everything as stable as possible unless I have a particular need for a newer feature.
The main things I run from flatpak/snap are browsers and the Minecraft launcher because they are both regularly updated.
You are on the right track. Installing Debian packages doesn’t require a password to access shared libraries but to write into system-wide directories. That way you don’t need to install every software separately for every user. Flatpaks are ‘self sufficient’ packages and thus often way bigger, since they don’t generally share resources.
From a security point of view there’s not much difference in everyday use for the average user. Sandboxed flatpaks can be more secure in a sense that if you harden your system properly they have limited access to the underlying system, but they can be equally unsafe if you just pull random software from a shady website and run it without any precautions.
Flatpaks tend to have more recent versions of the software as they can ‘skip’ the official build chain and they don’t need to worry about system-wide libraries. The tradeoff is that the installations are bigger and as flatpaks run in their own little sandbox you may need to tinker with the flatpak environment to get access to files or devices. Also if you install flatpaks only for your user and you have a multi-user setup, other users of the machine can’t access your software, which might be exactly what you want, depends on your use case.
Personally I stick with good old Debian packaging whenever possible, I don’t see benefits of containers like flatpak on my own workstation. Newer software releases or using software not included in the official repository are pretty much the only exceptions when flatpaks make more sense to me.
But there’s a ton of nuances on this, so someone might disagree with me and have perfectly valid reasons to do so, but for me, on my personal computer, flatpaks just don’t offer much.
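How much the sandbox mentioned in the post above actually limits an app depends on the permissions it is granted, and that can be checked per application. The following is an added example, not part of the original post: a small Python audit of the `[Context]` section of Flatpak metadata (the text that `flatpak info --show-metadata <app-id>` prints). The sample metadata, the name `org.example.Game` and the set of grants treated as broad are assumptions chosen for illustration.

```python
import configparser

# Constructed sample, in the keyfile format printed by
# `flatpak info --show-metadata <app-id>`. Not taken from any real app.
SAMPLE_METADATA = """\
[Application]
name=org.example.Game
runtime=org.freedesktop.Platform/x86_64/24.08

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=home;xdg-download:ro;
"""

# Grants treated as broad for this example (an assumption, not an official list).
BROAD_GRANTS = {
    "filesystems": {"host": "all host files visible",
                    "home": "whole home directory visible"},
    "devices": {"all": "every device node exposed"},
    "sockets": {
        "x11": "X11 clients can observe each other's input and windows",
        "session-bus": "unfiltered session D-Bus access",
        "system-bus": "unfiltered system D-Bus access",
    },
}


def audit_context(metadata_text):
    """Return (key, entry, reason) for each broad grant in the [Context] section."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(metadata_text)
    findings = []
    if not parser.has_section("Context"):
        return findings  # no [Context] section, nothing to audit
    for key, risky in BROAD_GRANTS.items():
        raw = parser.get("Context", key, fallback="")
        for entry in filter(None, (e.strip() for e in raw.split(";"))):
            if entry.startswith("!"):
                continue  # "!name" is a revoked grant, e.g. from an override
            base = entry.split(":", 1)[0]  # drop a :ro / :rw / :create suffix
            if base in risky:
                findings.append((key, entry, risky[base]))
    return findings


if __name__ == "__main__":
    for key, entry, reason in audit_context(SAMPLE_METADATA):
        print(f"{key}={entry}: {reason}")
```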
IF the distro’s .deb is recent-enough, THEN go with that.
IF it’s generations out-of-date, then you may have no choice but to go with the flatpak.
OS-integration ( with apt, for the .deb ) is to be preferred, generally.
_ /\ _
Usually native packages are preferred, unless like you said you want a newer version. Some people also like the sandboxing that flatpak does if you don’t fully trust a program. The reason why the flatpak is so much bigger is because it needs to download the dependencies as well, because it can’t use the ones on your system. In this case since it’s a game it probably needs graphics drivers as well, which are fairly big I think.
I never have issues with flatpak
You might also consider linuxbrew as well, depending on your goals. AFAIK it’s almost the same as native but with better separation of dependencies.
Sometimes it’s specific to the application. As an example, yt-dlp is redistributed by Canonical, and they usually maintain stable packages, but their versions seem to lag like 6 months. This might be related to their desire for stability, or maybe just align to their release cycle. I don’t know.
The issue is that yt-dlp needs to be updated more frequently because websites break their methods of downloading, so the version that follows the latest version seems to work better.

I don’t think using PPA’s is usually recommended, (like in the photo) so I think I would recommend flatpaks first if the developer of the application maintains one themselves. (and you want to follow later releases.) Though, the first time I had to use flatseal to fix an application, I felt like flathub was a failed platform.
For yt-dlp specifically, there is a stable backport that is fairly up-to-date: https://tracker.debian.org/pkg/yt-dlp
It doesn’t yet have yesterday’s version, but the previous version was made available 3 days after it was released.
Go with deb package if they are both the same version.
Heuristic : if you don’t know, trust your distribution. If you don’t trust your distribution, pick another one, repeat.









