
Fedora packages versus upstream Flatpaks


Posted Feb 9, 2023 15:12 UTC (Thu) by smoogen (subscriber, #97)
In reply to: Fedora packages versus upstream Flatpaks by jhoblitt
Parent article: Fedora packages versus upstream Flatpaks

> I am surprised by the attitude that some end users trust an upstream to write software but not compile or package it. If an upstream can't be trusted to operate the build system they wrote... It's time to find a different upstream.

Those end users are doing that.. they are wanting a third party to do the work in an auditable method. For many of these users, the years of experience of either being an upstream or working with an upstream have taught them some hard truths. It is very rare for an upstream to write their build system from scratch. Most are relying on other people's code to make the build work. They usually didn't compile their own compilers, system libraries, or other utilities but are relying on some distribution to do it for them. They are usually not spending too much time on various auxiliary libraries but letting whatever pip, cargo, gems, etc. brought in.

If the upstream does its job well, then it will pass along all those decisions to you the consumer in some form of bill of materials or manifest. In some cases, you will get a blob of software that they compiled, and a bundle of all the libraries, helper-apps, etc. that the upstream has felt was needed to make their blob work. Basically every snap, container, flatpak, etc. is its own distribution. If you are lucky they may choose to use a layer provided by some other operating system as that basis, but in many cases.. they don't.

That is probably not a big problem.. Linux has been about exploding numbers of distributions since its beginning. The bigger issue is that most of the users do not assume problems with said containerized application are the responsibility of the upstream. Instead security problems, XYZ app ate all my files, etc. are shoved onto the distribution as it is what the user knows and what gave them the downloader which got the flatpaks or snaps or containers in the first place.

