I reported a bug with LibreOffice (the 'official' bionic-upgrade version) and the LO support person suggested upgrading to a current version from their site. They said I was using an old version.
I prefer to upgrade via 'Ubuntu Software' in an attempt to reduce risk (security and stability) so I looked there.
It caused me to wonder if the more up-to-date, snap version, which also appears in 'Ubuntu Software' alongside , is (more) trustworthy than the Canonical distributed one.
Basically, how much trust can be placed in snap of a provider? This obviously requires comparing it to the trustworthiness of Canonical Corp...!
P.S. Please don't simply suggest to learn to read code and I won't suggest you learn DIY open heart surgery; humans specialise.
https://readyspace.co.id/en/a-technical-comparison-between-the-snap-and-the-flatpak-formats/ gives an overview of Snaps and speaks to the security advantages. In part:
Also, Snaps are distributed through a repository operated by Canonical. Since Canonical builds Ubuntu, the same level of security for Ubuntu itself should be provided to the users of Snaps.
Therefore, I conclude the security of a Snap-installed app is on a par with an app included with the original installation of Ubuntu, or an app installed or updated post-installation through Ubuntu Software, and the added sandboxing of a Snap can add to your system's security. Certainly it is more secure than an app installed by installing a downloaded .DEB or using a PPA.
https://www.darkreading.com/application-security/how-hackers-infiltrate-open-source-projects-/d/d-id/1335072 also adds a little insight:
Most folks are familiar with the Ship Of Theseus question: If you replace all the parts, is it still the same ship? If you took all the original parts and rebuilt the original parts, which is the original ship?
This question about "safest" heads down some of the same meta paths. There are three alternatives, and they all arrive at the same location, but at different times.
When a high-priority vulnerability in --let's say-- LibreOffice 6.0 is disclosed and a patch created, the patch moves in several directions:
1. The Ubuntu Security Team uses the patch, and issues a security fix without bumping the version number. Version 6.0 remains version 6.0, but the vulnerability is now gone.
   Under the hood, you can see this in the package version that apt sees: 6.0.7-0ubuntu0.18.04.10. It's not stock 6.0 (with the vulnerability) anymore.
   This patched package goes out through the -security pocket of the Ubuntu repositories, and most folks get it installed in the background without even noticing that anything changed.
2. LibreOffice adds the patch to all their other changes and issues a new, exciting release a few weeks later: Version 6.1! Everybody should update! New security fixes!
3. This update gets packed in the next release of Ubuntu, and gets pushed to Snap users. Example: Ubuntu 19.10 uses LO 6.3, and Ubuntu 20.04 is testing LO 6.4. The current LO snap is also 6.4.
What the update hype does not mention is that Ubuntu users of 6.0 and 6.3 get most of the SAME security fixes as 6.4 users, right away (see #1 above). Their systems are just as safe as newer versions.
The upshot is that it doesn't matter which Ship Of Theseus you are standing upon. They all travel safely. Your choice of LTS Release/Interim Release/Upstream Release/Snap does not need to be based upon the criteria of safety. They are all safe. Your choice should be based upon convenience -- which kind you are most comfortable working with.
Admittedly, lots of folks (like that well-meaning LO support person) don't quite understand how Ubuntu security works. Their insistence that newer-is-better is understandable from the upgrade-hype, though still perhaps misguided. As long as you have -security enabled and Unattended Upgrades enabled, your 18.04 version of LO is SAFE. Just as safe as everybody else's newer versions and snaps.
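A way to check the two conditions the answer above relies on (the -security pocket and Unattended Upgrades), added here as an example and not part of either original answer. The function names are hypothetical, the sample file contents are constructed, and the paths named in the usage note are the stock Ubuntu 18.04 locations.

```shell
#!/bin/sh
# Succeeds if FILE ($1) has an active "deb" line for suite CODENAME-security.
security_pocket_enabled() {
    awk -v suite="$2-security" '
        $1 == "deb" {
            i = 2    # field that normally holds the URI
            if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++; i++ }  # skip [options]
            if ($(i + 1) == suite) found = 1
        }
        END { exit found ? 0 : 1 }' "$1"
}

# Succeeds if FILE ($1) sets APT::Periodic::Unattended-Upgrade to non-zero.
unattended_enabled() {
    sed -n 's/^[[:space:]]*APT::Periodic::Unattended-Upgrade[[:space:]]*"\([0-9]*\)".*/\1/p' "$1" |
        grep -q '[1-9]'
}

# Prints the upstream version: Debian epoch and packaging revision removed.
upstream_version() {
    v=${1#*:}                  # drop "epoch:" if present
    printf '%s\n' "${v%-*}"    # drop "-revision" (text after the last hyphen)
}

# Constructed sample files (not copied from a real system). The security
# line is commented out on purpose to show the failure case.
demo=$(mktemp -d)
cat > "$demo/sources.list" <<'EOF'
deb http://archive.ubuntu.com/ubuntu bionic main restricted
# deb http://security.ubuntu.com/ubuntu bionic-security main restricted
EOF
cat > "$demo/20auto-upgrades" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF

security_pocket_enabled "$demo/sources.list" bionic ||
    echo "WARN: bionic-security pocket is not enabled"
unattended_enabled "$demo/20auto-upgrades" &&
    echo "OK: unattended upgrades are enabled"
# The package version quoted in the answer still reports upstream 6.0.7;
# the security fixes live in the revision after the hyphen.
echo "upstream version: $(upstream_version 6.0.7-0ubuntu0.18.04.10)"
rm -rf "$demo"
```

On a real 18.04 system, pass `/etc/apt/sources.list` and `/etc/apt/apt.conf.d/20auto-upgrades` to the two check functions. `apt-cache policy libreoffice-core` then shows which pocket the installed version came from.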