> As a general rule I am willing to accept RPMs, pacman ?? packages, and
> .debs, when they are from the Distribution's own package libraries, or
> hardware vendor supported, as otherwise I don't know the people providing
> the package. I have this strange belief that when a developer supplies
> a package to the Distribution owner for inclusion in their libraries, the
> Distribution owner does some level of verification/validation that the
> package plays nicely with the distribution and other applications. Maybe
> even some security checking?

I'm with you, here.  AFAIK Debian packaging does not in and of itself
come with any sort of "security checking", tho.  So, if there are
security benefits (personally, I do believe there are) they are mostly
an indirect result of the packaging process, e.g. in the presence of extra
eyes, or in the need to investigate the details of the licensing, or the
need to follow the rules about where files are placed, or in the
avoidance of vendoring, or in the "slow" pace of stable releases, ...

For that same reason, I try to stay away from things like Snap/Flatpak
which seem to be a way to skip all that "process" and run effectively
black-boxes, thereby preventing you access to the usual transparency
benefits of Free Software.

It's been a long time since I last used Wine (FWIW, it was to run the
Windows version of Emacs, to try and reproduce a bug locally 🙂), but
IIUC the software you intend to run via Wine will probably be what I'd
usually describe as "proprietary crap" a.k.a. black boxes, so it seems to
be one of the cases where the use of Snap/Flatpak should not make things
much worse.


        Stefan
