[ChocolateGod]

> apt/dnf scripts run on packages a maintainer signed and a distro gatekept

Unfortunately apt/dnf isn't much better here because random tutorials online suggest people add random repositories where the creator of any repository effectively has root access to anyone machine that adds it as a remote.

[Zardoz84]

It's the exact same problem when random tutorials (and official pages) recommend to do a curl "URL" | bash to install something. Every time that I see it, I look it suspicious.

[orphea]

Don't add random repositories from random tutorials? Come on, it's basic Internet hygiene. Entirely different thing.