
> How realistic is this for regular users? And even power users, in some cases. Let's say you download the install script. It's either hundreds of lines or it in turn downloads and runs some blob. Are you comfortable asserting your review is enough?

> Is this truly so different to clicking on some random Windows installer?

Yes, because you literally can't look in a random Windows installer (or, at least, it's not made to allow you to do so). It's true that many users won't have the competence to read and understand source code, but … it seems like that may be a genuinely unsolvable problem (if you want powerful software to be available to non-dev users); I don't know much about my car, but I could, and, when it is genuine complexity making understanding difficult rather than intentional black-boxing and obfuscation, I don't blame that on the car manufacturer.



> Yes, because you literally can't look in a random Windows installer

Most Windows installers are regular archive formats, with either MSI information or an executable tacked on. They open just fine in 7-Zip. Of course, analyzing the binary files inside the installer is another matter.


MSIs often contain CAB files, which 7-Zip can also open, though usually files in MSIs aren't named the same as their uncompressed files (i.e., .dl_ for .dll).
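An added example, not part of the thread: a first-pass triage of the installer layout the two comments above describe (executable stub or MSI container with an archive inside), done by locating well-known container signatures. The function names and both sample byte strings are constructed for illustration.

```python
# Added example: find container signatures inside an installer image.
# The magic bytes are the published signatures of each format.
SIGNATURES = {
    b"MZ": "PE/DOS executable stub",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE compound file (container used by MSI)",
    b"MSCF": "Microsoft Cabinet (CAB)",
    b"PK\x03\x04": "ZIP local file header",
    b"7z\xbc\xaf\x27\x1c": "7-Zip archive",
}

def find_containers(data: bytes):
    """Return sorted (offset, description) pairs for every signature hit.
    MZ is only accepted at offset 0: two ASCII bytes match by chance too often."""
    hits = []
    for magic, name in SIGNATURES.items():
        if magic == b"MZ":
            if data.startswith(magic):
                hits.append((0, name))
            continue
        pos = data.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def classify(data: bytes) -> str:
    """Summarise the layout: bare container, or stub plus embedded archive."""
    hits = find_containers(data)
    if not hits:
        return "no known container signature"
    first_off, first = hits[0]
    embedded = [h for h in hits if h[0] > 0]
    if first.startswith("PE") and embedded:
        return "executable stub with embedded archive at offset %d" % embedded[0][0]
    if first_off == 0:
        return first
    return "unknown header, archive signature at offset %d" % first_off

# Constructed samples (headers and padding only, not real installers).
SAMPLE_SFX = b"MZ" + b"\x00" * 510 + b"7z\xbc\xaf\x27\x1c" + b"\x00" * 32
SAMPLE_MSI = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 504 + b"MSCF" + b"\x00" * 32

if __name__ == "__main__":
    for label, blob in (("sfx", SAMPLE_SFX), ("msi", SAMPLE_MSI)):
        print(label, "->", classify(blob), find_containers(blob))
```

A signature hit is a lead, not proof: short magics can occur by chance inside compressed data, so each offset still needs to be confirmed by actually opening the container.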


I think realistically you cannot expect any user, in any system, to be able to review arbitrary scripts.

Experts can, but it's asking too much of regular users who aren't programmers.

And therefore, that's the answer of why Linux is "safer" than Windows.



