Maybe I'm kinda skewed because I started with Windows, but I don't feel a difference between downloading e.g. Firefox on Windows and typing `apt-get install nginx` on Linux.
Maybe because it requires "huge shittons" of effort to try to control the software, and yet, at the end of the day I still have to trust somebody (OS, Drivers, ISP, Firmware/Hardware, Govt).
I just don't expect every developer to be an expert at packaging their app. There's a thousand things to think of, and they might do an unreasonable hack just to get away with distribution.
If you get your packages from a single source, you mostly have to trust that source (lower attack surface), and can be assured they will meet a minimum quality level.
Example oopses from valve (but really, most vendors have theirs):
I've used Windows for 10 years prior to that. Maybe the difference is not touching Windows for 10 years.
Sure, it is about trust. Browser addons and language packages pushed by authors, this results in leftpad, spyware. Distributions dissolve authors' power, provide a buffer, they pull new versions, walk them through stages, there are many eyes and builds are (often) reproducible, stable distributions pull only critical updates. The overall effect would not be as dramatic.