Thunderbird 115 has been out over a week now and the lack of packaged versions, especially Flatpak, is beginning to raise eyebrows. Gotta admit, I’ve been curious at the lack of a Flatpak version since the day they announced it’s “availability”.
An article:
https://www.webpronews.com/thunderbird-leaves-linux-users-waiting-for-much-hyped-version-115/
Linux Cast episode:
I thought the same until I discovered that Flatpak gives me the power to restrict apps in their permissions, similar to firejail, but less cumbersome. Since then I actually prefer Flatpak over traditional packages (I even switched to Fedora Silverblue), as I have a global override that, for example, revokes permission to access the root of my home directory or to use the X11 display server.
This allows me to keep a clean home directory, as applications are prevented from writing into my home directory (configuration files then automatically get stored in the Flatpak directory ~/.var instead) or, even worse, into executable files, such as ~/.bashrc. I can also be confident that applications use Wayland, if they support it, and not a less secure display server (X11). Applications that don’t support Wayland yet can either be made to run under Wayland (Chromium / Electron) or I have to grant those applications permission to actually use an X11 server (Bottles / WINE, Steam).
On the other hand you can also opt into punching as many holes as possible into the sandbox, for example by granting applications the permission to access a local shell. That might be necessary for development tools, such as VSCodium. The thing I like about Flatpak is that it offers this kind of flexibility and you can decide on a per-application basis which system resources the application can or can not access.
Sure, the permission model isn’t perfect (e. g. D-Bus access), but for my use-case it is a huge improvement and it gives me more flexibility with selecting my distribution, as I can get the very same up-to-date applications anywhere via Flatpak.