As it stands now most package managers already require signatures before installing applications. We already put trust in the people who maintain the repositories- and whose keys we've decided to use for verifying code. My issue isn't so much with who polices it, my concern is how easy can I override it.
I would have absolutely no problem with Ubuntu shipping with this exact same feature, assuming that I can also add in other sources of trust and self sign extensions I want to place in.
My point is that the problem isn't whether someone can make these decisions or not. It's good to have people make them, and that extra level of protection can mean a lot. None of that is a problem- the real issue is Apple attempting to enforce exclusive trust.
I would have absolutely no problem with Ubuntu shipping with this exact same feature, assuming that I can also add in other sources of trust and self sign extensions I want to place in.
My point is that the problem isn't whether someone can make these decisions or not. It's good to have people make them, and that extra level of protection can mean a lot. None of that is a problem- the real issue is Apple attempting to enforce exclusive trust.