So why else do we pay someone to package and certify/verify open source projects? This is absolutely 90++% of what should be RedHats core day job.
replyNon-profit Open Source distributions also and already package and verify open source packages (arguably often with a higher quality of analysis than Red Hat).
replyYou pay red hat for compliance reasons (availability of a support you'll never call, mostly).