Well, in principe I do not see that much different between ‘curl | bash’, ‘sudo apt-get install’ or installing an app on your phone. In the end, it all depends on trust.
Considering how complex software has become and on how many libraries from all over the internet any application that does more then ‘hello world’ depend, I do not see how you can do if you are not prepared to put blind trust into some things.
Concerning CrowdStrike, I am just reading an book on human behaviour (very interesting for everybody who is interested in cybersecurity), and I am just on the chapter about the fear of deciding with unknown parameters vs. the fear of not deciding at all. Any piece of software will brake at some point, so will you wait forever to find something that will not have any vulnerabilities?
Hum , interesting point. If you where a hacker, would you not prefer software to be spread out everywhere so people would be even more confused what is the real source for some application?
I guess people would then just depend on their search engine