If you need to tweak them, Flatseal is a great tool.
Fedora doesn't recommend doing updates that way :) See https://fedoramagazine.org/offline-updates-and-fedora-35/
> Sure, distribution upgrades nowadays are just like Windows update requiring a system reboot and a black screen with a useless progress bar to stare at (that's also a pretty annoying relatively recent addition).
Silverblue doesn't have a black screen with a progress bar — it just boots straight into the updated version. I assume Kinoite (like Silverblue but with Plasma instead of GNOME) is the same.
> And until flatpak delivers tangible finegrained software sandboxing (at least Android level sandboxing)
Flatseal may provide what you want here: https://github.com/tchx84/Flatseal
> I'm not really interested in using it for software that's already packaged in the dnf repositories.
Fair enough. I mentioned it because it removes this problem:
> every time I update Firefox in my OS, and it won't allow me to spawn new tabs until I restart Firefox.
I use Flatpak extensively and I fully agree with you and the author of the response that there is a need to balance practicality vs. idealism when it comes to (fully auditable) FlatPak apps, as well as FlatHub's overall approach and continual work within the desktop Linux ecosystem.
What's more, the fact that an entire domain was devoted to what could have been a blog post gives credence to the responder's notion that this is FUD which, while valid for discussion, is most certainly not beneficial to the FOSS community writ large.
Either way, from the article you linked TIL about Flatseal[0] so I'll be taking that for a spin!
Also, if you want to review or change these settings, you can use Flatseal[0]. Arguably, it should be installed by default.
The problem with flatkill.org is that it leads to users rather downloading a random deb off the internet or an AppImage than using Flatpak, which both have worse security stories.