In the “Software” system tool I have automatic updates disabled, but somehow I still see flatpak updates happening, sometimes with disasterous results (e.g., an incompatible version of KiCad getting automatically installed). The latest update (fortunately benign) occurred at 6:30 AM today according to the ctimes of files in /var/lib/flatpak. How do I stop this? My “nuclear” option would be to put /var/lib/flatpak on a separate filesystem and mount it read-only, but that’s likely to cause other issues.