This is an entirely separate system that tracks known malware and enforces a deny list policy. You're thinking of notarization and code signing, which is an allow list policy that you're allowed to circumvent. If you don't get your app signed and notarized you at least can still run it if your users are willing to trust you. It's annoying for technical users but fine for the average folk that really shouldn't be installing random FOSS tools they've never heard of before.
Why shouldn't average folk be installing random FOSS tools they've never heard of before? Some are great. It's ridiculous that anything can be installed from the Mac App Store by anyone where there are apps a plenty trying to trick you into some horrid weekly $60 subscription to even use the "free" app but actually useful, trusted and free FOSS apps are positioned as harmful. But hey, Apple gets their cut...
