• 0 Posts
  • 4 Comments
Joined 3 years ago
Cake day: June 10th, 2023

  • But what is a trusted provider? How can you trust it? How sure are you that you’re not being MitM? Have you fully manually verified that there are no funky flags in curl like -k, that the URL is using SSL, that it’s a correct URL and not pointing at something malicious, etc., etc., etc.? There are a lot of manual steps you must verify using this approach, whereas using a package manager all of them get checked automatically, plus some extra checks like hundreds of people validating the content is secure.

    To do apt-get from an unknown repo, you first need to convince the person to execute root commands they don’t understand on their machine to add that unknown repo. If you can convince someone to run an unsafe command with root credentials, then the machine is already compromised.

    I get your point, random internet scripts are dangerous but random internet packages can also be dangerous. But that’s a false equivalence because there are lots of safeguards to the packages in the usual way people install them, but less than 0 safeguards to the curl|bash. In a similar manner, if this was a post talking about the dangers of fireworks and how you can blow yourself up using them, your answer is “but someone can plant a bomb in the mall I go to, or steal the codes for a nuclear missile and blow me up anyways”.
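
Some of the manual checks listed in the comment above (a `-k` flag, a non-SSL URL, the pipe into a shell) can be automated. The following Python is an added example, not part of the original comment; the function name `audit_one_liner` and the sample commands are constructed here, and it cannot tell whether the URL points at the intended host.

```python
import shlex
from urllib.parse import urlparse

SHELLS = {"sh", "bash", "zsh", "dash"}

def _name(word):
    return word.rsplit("/", 1)[-1]  # "/usr/bin/curl" -> "curl"

def audit_one_liner(command):
    """Return findings for a 'curl ... | shell' install one-liner."""
    findings = []
    # Simplification: every '|' starts a new stage, so quoted pipes are not handled.
    stages = [s for s in (shlex.split(p) for p in command.split("|")) if s]
    curl_at = next((i for i, s in enumerate(stages) if _name(s[0]) == "curl"), None)
    if curl_at is None:
        return findings
    for arg in stages[curl_at][1:]:
        short_bundle = arg.startswith("-") and not arg.startswith("--")
        # Heuristic: short flags may be bundled (-sk); a value glued to a flag can false-positive.
        if arg == "--insecure" or (short_bundle and "k" in arg[1:]):
            findings.append("TLS certificate verification is disabled (-k/--insecure)")
        elif "://" in arg and urlparse(arg).scheme.lower() != "https":
            findings.append("URL is not HTTPS: " + arg)
    for stage in stages[curl_at + 1:]:
        shell = next((_name(w) for w in stage if _name(w) in SHELLS), None)
        if shell:
            findings.append("download is piped into " + shell + " and runs unreviewed")
            if stage[0] == "sudo":
                findings.append("the piped script runs as root (sudo)")
    return findings

if __name__ == "__main__":
    # Constructed sample commands; example.com is a placeholder host.
    for cmd in ("curl -fsSL https://example.com/install.sh | bash",
                "curl -sk http://example.com/install.sh | sudo sh"):
        print(cmd)
        for finding in audit_one_liner(cmd):
            print("  -", finding)
```
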


  • But those are two very different things. I can very easily give you a one-liner using curl|bash that will compromise your system. To get the same level of compromise through a proper authenticated channel such as apt/pacman/etc. you would need to compromise either their private keys and attack before they notice and change them, or stick malicious code in an official package. Either of those is orders of magnitude more difficult than writing a simple bash script.



  • Math is not adding up, there are 365 days in a year, removing weekends that’s 261 days. In Romania you have 20 days of AL guaranteed by law, plus there are 17 holidays but some fall on weekends so let’s say 10, for a total of 231 work days a year.

    A work day is 8 hours, so 5 working days a year are 40 hours per year. Dividing by the amount of days of work it’s 0.17h or 10:30 minutes, considering people commute two ways that’s 5:15 minutes per trip stuck in jams.

    Sure, annoying, but definitely not economy shattering. But if they think so, maybe let people work from home, it would diminish the amount of cars on the road, and completely eliminate jams for some of the people.