jillesvangurp 15 hours ago

I disagree with that. IMHO the best possible people to create a package for an application are the original developers of that software. If that software is proprietary, that also happens to be the only party that can legally do that anyway. Because it typically requires access to the source code and software redistribution requires permission.

So, the model you mention only works for open source packages. And I would argue that even in the case an app is 100% open source it's a bad idea for somebody not affiliated with the core development team to be second guessing a lot of things about that application.

It results in a lot of issues that aren't necessary. Like needless lag between developers releasing new software and some third party doing whatever uninvited tweaks they think are necessary, or adding their own bugs and new issues.

It's why I always install Firefox in tar ball form straight from Mozilla for example. It updates itself as soon as developers OK some patch. This happens a lot and mostly for security and stability reasons. I want those patches when they release them. The things external distribution maintainers do are redundant. I trust Mozilla to do the right thing and be the most clued in about any issues regarding their own software. With proprietary stuff, I just want stuff to run with a minimum of hassle.

Flatpak is trying to do too many things. It's trying to emulate an appstore. I don't necessarily like app stores. They are gate keepers. What do developers on Windows and Apple do? They put binaries on their own website. You download them. You install them. And then they run. Downloaded apps have the same rights as apps provided via app stores. The app stores don't repackage the app, they merely distribute them. It's an add on service. An optional extra. All the essentials that provide security are baked into the OS and the application package. There are a few mechanisms that Windows and Mac provide to make things secure. Binaries are signed, the OS has a permission model for things that need that (screen sharing, directory access to certain things, using the webcam, etc). That's the right model. That could work for Linux as well. It shouldn't require taking control of distribution or packaging by some third party.

boudin 14 hours ago

Flatpak is more of a set of tools and framework. I wouldn't consider it as a store but a distribution system. Flathub is a repository, Fedora has its own repository and anybody can create their own repo (I wouldn't call it store as there is no concept of monetisation).

I wouldn't consider flatpak as a gatekeeper as there is no "team" going through some arbitrary process to allow/disallow an app.

I also disagree with the fact that macOS and Windows did the right thing, what I found in my experience managing laptops in a company that is roughly 1/3 Windows, 1/3 Linux, 1/3 macOS is that:

- What Windows is teaching users is to download random stuff and bypass the warning screens if something is not signed. Unless there is a company policy and a third party software to update what is installed, by default things installed are a mix of up to date and not up to date software.
- macOS users do not install operating system and software updates unless a third party software is installed and forces them to
- Linux users have things up to date, only distribution version updates (e.g. Fedora 41 to Fedora 42) are inconsistent.

So my take is that, even if things are not perfect with flatpak, rpm/dnf, fwupdmgr and package manager, this is much better than having to pay for third party tools in macOS and Windows because of the lack of a good way to distribute and maintain apps at the operating system level.

jillesvangurp 8 hours ago

Only Fedora can put stuff in their flatpak repository presumably. That makes them a gatekeeper. Why is a repository needed? If it was the same, Mozilla would be able to put a flatpak file for Firefox on their website and it would be the preferred way to install Firefox.

Of course everybody (including Mozilla) can create their own repository and then you can install from any repository you like. But how is that different than just downloading whatever and installing that? And that's more of a hypothetical. Mozilla doesn't do that and doing such things is not common.

What Apple and MS enforce via signatures is that what you install and run was produced by somebody with a valid certificate that passed their screening.

The problem flatpak hasn't solved is that the likes of Mozilla still have no good way to distribute the most recent version of their application to all Linux users. So they put a tar ball on their website instead.

boudin 7 hours ago

Mozilla publishes Firefox on Flathub and anybody can install it from there. After, I'm not sure why they don't advertise it, most apps distributed this way just have a button that does so.

Fedora has its own repo, they manage it, I don't see the problem there. After it doesn't prevent adding others like flathub and the experience from a user point of view is the same.

You can also provide a flatpak ref file that users can use to install.

Signing an app doesn't mean much apart from that someone paid for that and went through a process IMO, there's not much value to it from the user pov, especially when the first thing a Windows user learns is to ignore signature warnings.

Have you tried using flatpak?
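
The `.flatpakref` file mentioned in the comment above, as an added example that is not part of the thread: a Python check of such a file before it is handed to `flatpak install`. The group and key names follow the flatpakref keyfile format; the app ID, the example.org URLs and the key bytes are constructed placeholders, and `audit_flatpakref` is a hypothetical helper name.

```python
import base64
import configparser
from urllib.parse import urlparse

# Constructed sample: app ID, example.org URLs and key bytes are placeholders.
SAMPLE_REF = """\
[Flatpak Ref]
Name=org.example.App
Branch=stable
Url=https://dl.example.org/repo/
IsRuntime=false
GPGKey={key}
RuntimeRepo=https://dl.example.org/runtime.flatpakrepo
""".format(key=base64.b64encode(b"placeholder-not-a-real-key").decode())


def audit_flatpakref(text):
    """Return a list of findings for a .flatpakref; an empty list means none."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keyfile keys are case-sensitive
    try:
        cp.read_string(text)
    except configparser.Error as exc:
        return [f"not parseable as a keyfile: {exc}"]
    if not cp.has_section("Flatpak Ref"):
        return ["missing [Flatpak Ref] group"]
    ref = cp["Flatpak Ref"]
    findings = []
    for key in ("Name", "Url"):
        if not ref.get(key):
            findings.append(f"missing required key {key}")
    # Both the app repo and the runtime repo should be fetched over TLS.
    for key in ("Url", "RuntimeRepo"):
        value = ref.get(key)
        if value and urlparse(value).scheme != "https":
            findings.append(f"{key} is not https: {value}")
    gpg = ref.get("GPGKey")
    if not gpg:
        findings.append("no GPGKey: the file carries no signing key for the remote")
    else:
        try:
            base64.b64decode(gpg, validate=True)
        except ValueError:
            findings.append("GPGKey is not valid base64")
    return findings
```
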

lucas_membrane 14 hours ago

I think that you are right about not depending on one open source OS to provide the proper dependencies, customization, and training wheels for every app. I have been running Linux on my desktop for about 20 years, about one decade of Mint followed by the same of Fedora so far. Being a curious but fussy guy who installs lots of software to see what works, I find that I need to install a fresh OS about every 18 to 24 months.

There are, I suppose, always a few programs that don't get updated by 'sudo dnf update' but do get bothered by updates to the shared libraries via the same. Perhaps there are some config files that get damaged by software bugs or power outages or system crashes or my own mistakes and carelessness. I also found out that if one loses the dnf program, one will discover just how impossible it is to pull oneself up by oneself's bootstraps.

Mint was a very similar situation. Maybe not so bad for one who follows all the rules, but in those bygone days there were people suggesting that updating Mint programs with newer versions from the Ubuntu or Debian repos was a good idea. And because Mint was slow to get updates, I would attempt to update some apps by downloading source and building and installing here.

Last year, when I upgraded Fedora from 39 to 41, was the first time I got any OS upgrade to work instead of wiping the disk, doing a fresh install of the new OS version, and then spending a week or month trying to get my data for the installed apps (eg web browser and email) from backups. But the upgrade took much longer than it should have, because once I started running the upgrade process, I did not know that the computer sitting there dead silent with no action on the screen for about 30 hours was a sign that all was going well. Computers are evil.

Vilian 9 hours ago

You can have other repos in flatpak than flathub, so in theory the devs can package their app on their repo and tell the user to install it