Hacker News

qarl2 yesterday at 3:09 PM (2 replies)

> Why would I?

Because then you can install it without depending on a package manager?


Replies

HDBaseT yesterday at 11:22 PM

Depending on a package manager has its benefits.

I personally try and use my operating system's package manager for all applications (in this instance, dnf on Fedora). The moment you start adding a million repos, third-party package managers, Flatpaks, Snaps, random curl install scripts, etc., it becomes extremely unmaintainable.

What happens if the curl application depends on openssl, maybe with a legacy or specific cryptographic function? I assume the curl script will either install the required version, or include the relevant libraries, right? Now that is outside of the system package manager's scope, meaning updating OpenSSL to avoid some vuln now requires extra work.

What happens when you go from Fedora 44 to 45? You should be checking all your applications are supported on whatever version or operating system you are running. There is a decently high chance you run into dependency issues when some lib version is updated.

Package managers are (generally) more secure and simple to use for an end user (they are using the OS to begin with).

Curl scripts are easier for the software developers.

tovej yesterday at 3:30 PM

Yeah, from source in that case. Or using a verified binary if I absolutely had to.
