Jia Tan liked your comment
Without the traditional distribution workflow [...]
You are aware that the xz exploit made it into Debian Testing and Fedora 40 despite the traditional distribution workflows? Distro maintainers are not a silver bullet when it comes to security. They have to watch hundreds to thousands of packages so having them do security checks for each package is simply not feasible.
Aren't AppImages still limited to Xorg?
Also there's no centralised update mechanism or dependency deduplication, no?