> As a general rule I am willing to accept RPMs, pacman ?? packages, and
> .debs, when they are from the Distribution's own package libraries, or
> hardware vendor supported, as otherwise I don't know the people providing
> the package. I have this strange belief that when a developer supplies
> a package to the Distribution owner for inclusion in their libraries, the
> Distribution owner does some level of verification/validation that the
> package plays nicely with the distribution and other applications. Maybe
> even some security checking?

I'm with you, here. AFAIK Debian packaging does not in and of itself come with any sort of "security checking", tho. So, if there are security benefits (personally, I do believe there are) they are mostly an indirect result of the packaging process, e.g. in the presence of extra eyes, or in the need to investigate the details of the licensing, or the need to follow the rules about where files are placed, or in the avoidance of vendoring, or in the "slow" pace of stable releases, ...

For that same reason, I try to stay away from things like Snap/Flatpak which seem to be a way to skip all that "process" and run effectively black-boxes, thereby preventing you access to the usual transparency benefits of Free Software.

It's been a long time since I last used Wine (FWIW, it was to run the Windows version of Emacs, to try and reproduce a bug locally 🙂), but IIUC the software you intend to run via Wine will probably be what I'd usually describe as "proprietary crap" a.k.a. black boxes, so it seems to be one of the cases where the use of Snap/Flatpak should not make things much worse.

Stefan