For Linux Desktops it is especially hard since many of the solutions are not oriented for desktop users and when the package manager is not used there are gaps in software enumeration.

The best solutions I've seen so far are essentially block access to all online repos and manage your own but many organizations don't want to go that route, with ubuntu you can even use the "appstore" UI for displaying only your repo.

Your thinking is also too narrow while I gave examples from a managed environment there are plenty of Linux users running on unmanaged machines. Most users even "technically savvy" ones are not going to be reading release notes and reviewing CVEs daily via RSS.

Having a reliable way to ensure automated updates for Linux especially for commonly used and exploited software is an important tool to have and I wish more repos would implement something like Windows Update than say "what if Firefox puts in a keylogger" because that isn't a good argument as you can argue to them back "what if you put in a keylogger?" if you already pull your updates from your distro's managed repo you already accept that risk as such the risk of having no automatic updates at that point makes you less secure not more.

If you want to use a different repo or build everything from source locally that's fine but that is a completely different security model.

Also neither shifting the blame or claiming FUD are good arguments. Firstly there was no blame associated with the end user, at any point where there is a security system failure the end user isn't the "causal factor" doesn't matter if it's an unpatched system or did clicked on a phishing link they are do not own any of the causal blame.

As for FUD, calling something FUD is generally intellectually lazy and is used to end an argument by moving the goal post and changing the subject.