Only fedora can put stuff in their flatpak repository presumably. That makes them a gatekeeper. Why is a repository needed? If it was the same, Mozilla would be able to put a flatpak file for Firefox on their website and it would be the preferred way to install Firefox.

Of course everybody (including Mozilla) can create their own repository and then you can install from any repository you like. But how is that different than just downloading whatever and installing that? And that's more of a hypothetical. Mozilla doesn't do that and doing such things is not common.

What Apple and MS enforce via signatures is that what you install and run was produced by somebody with a valid certificate that passed their screening.

The problem flatpak hasn't solved is that the likes of Mozilla still have no good way to distribute the most recent version of their application to all Linux users. So they put a tar ball on their website instead.

Mozilla publishes firefox on Flathub and anybody can install it from there. After, I'm not sure why they don't advertise it, most apps distributed this way just have a button that do so.

Fedora has its own repo, they manage it, i don't see the problem there. After it doesn't prevent adding others like flathub and the experience from a user point of view is the same.

You can also provide a flatpak ref file that user can use to install.

Signing app doesn't means much appart that someone paid for that and went through a process IMO, there's not much value to it from the user pov, especially when the first thing a Windows user learns is to ignore signature warnings.

Have you tried using flatpak?