"An incident like the WaterFall malware can only be avoided when users are trained not to trust
third-party software blindly."
Argh. This is not the only possible solution! It makes me sad that the linux community assumes
that discriminating among sources of software is the only solution. That solution doesn't scale,
nor does it work even at the scale of software production and software use that we already have.
The "other solution" -- the one that most people seem to find inconceivable -- is *don't give it
permission to do things that it doesn't need to do*. An eye-candy display for xlock doesn't need
to do anything other than generate pretty patterns on the screen. If that is all that it is able to
do, then it doesn't matter if you download your eye-candy from http://eyecandy.suspicious.ru or
if you receive it in email from firstname.lastname@example.org.
Now implementing an access control mechanism that could enforce this while being usable is a
hard job (it would require capability access control instead of the access control lists that we
have now). But at least it is possible to solve the problem that way, unlike the "discriminate
among sources of software" way, which will never work unless we cut down the number of
contributors of open source software to a couple of hundred total programmers world-wide.