Debian have served Whonix well but I would like to see Whonix based on Fedora. Better maintained packages. Qubes is based on Fedora too.
Interested in helping?
First step to have a compelling case, contribute to this table:
As for Fedora dnf package manager security, this issue is ridiculous:
DNF prompts for GPG key import for “repo_gpgcheck=1”-repositories
It leads to warning fatigue and and users disabling gpg verification of software repositories:
https://www.reddit.com/r/Fedora/comments/xtigd7/is_there_a_way_to_make_dnf_permanently_access_gpg/