They both are cryptographically signed and validated.
However, the deb package from APT would likely have a stronger parentage that is traceable than a snap package version. Anyone can make a snap package and submit to Canonical's snap store.
Code:
$ snap search vlc
Name Version Publisher Notes Summary
vlc 3.0.11 videolan✓ - The ultimate media player
dav1d 0.7.0 videolan✓ - AV1 decoder from VideoLAN
The "videolan" above does imply that the same team doing the deb packages and snap for vlc is the same.
Code:
$ snap search videolan
Name Version Publisher Notes Summary
vlc 3.0.11 videolan✓ - The ultimate media player
dav1d 0.7.0 videolan✓ - AV1 decoder from VideoLAN
seems a handy search as well.
As for application security post-install, that's a huge question that has been gone over many times in many different places. Snap packages run inside a sandbox/container restricted environment. This causes problems for many users and for less popular integrations to the program.
Bookmarks