Debian have served Whonix well but I would like to see Whonix based on Fedora. Better maintained packages. Qubes is based on Fedora too.
Interested in helping?
First step to have a compelling case, contribute to this table:
As for Fedora dnf package manager security, this issue is ridiculous:
DNF prompts for GPG key import for “repo_gpgcheck=1”-repositories
It leads to warning fatigue and and users disabling gpg verification of software repositories: