Thanks @alexmurray. We have no concerns about the security of Snap confinement, and I think the Snap team is doing incredible things for secure app deployment on Linux.
This ask comes from two places: first, our app is available in several package formats, and we want to be able to reason about its baseline security design in a way that’s as simple and consistent as possible across distributions. Disabling the Chromium sandbox for the Snap build gives us more variations in behaviour and a larger surface area to understand and protect.
Secondly, we are not too concerned about the security of the main process. Snap confinement and AppArmor are a great help there. But we want to do everything we can to harden the renderer processes with web content, and we believe the Chromium team is in a unique position to assist here since they understand exactly what their platform needs. Doubling up on sandbox tech with different focuses seems preferable to us to disabling any of them.