
Then maybe it should not be accessible in the repository if there's any doubt about the software.


There's always doubt about software. Even if it's your software, the compiler or the distribution site can be compromised. It's not a technical problem - it's like saying "you shouldn't interact with people if there's any doubt about them".

The solution is choosing an acceptable level of trust and putting safeguards like sandboxing where possible. (And ideally monitoring for possible violations.)


This is too one-size-fits-all. It's either "every package is untrusted", so the repo is useless, or it's "there are too many people to keep track of the trust level of", which is insecure.

It's much harder to make a trust bet like that than, in principle, to make a local decision like "Hmm, why is the xz tool requesting access to the ssh port? That doesn't seem right"


What we need is something orthogonal to package managers, something like Firejail or bwrap.

In other words, sandboxing based on permissions, without losing the advantages of having fine-grained control over dependencies.

Flatpak is a step forward in terms of sandboxing, but a step back in terms of dependency control.
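One concrete shape for the permission-based wrapper this comment has in mind, as an added example that is not from the thread or from the Firejail, bwrap or Flatpak projects: a small POSIX sh wrapper around bubblewrap (bwrap) that starts from a deny-by-default profile (read-only system directories, empty HOME and /tmp, no network or other host namespaces) and only opens what the caller explicitly grants. The grant syntax `net`, `rw:/path` and `ro:/path` is an assumption of this example; the bwrap flags themselves are standard.

```shell
#!/bin/sh
# Added example, not project code. Deny-by-default bwrap profile: the host
# filesystem is visible read-only, HOME and /tmp are fresh tmpfs, and
# --unshare-all drops network, PID, IPC, UTS and user namespaces. A tool
# that "requests access to the ssh port" under this profile gets a visible
# network error instead of silently succeeding, which is the signal to act on.
SANDBOX_BASE_ARGS='--ro-bind /usr /usr --ro-bind /etc /etc --symlink usr/lib /lib --symlink usr/lib64 /lib64 --symlink usr/bin /bin --proc /proc --dev /dev --tmpfs /tmp --tmpfs /home --unshare-all --die-with-parent --new-session'

# build_sandbox_args PROFILE
# PROFILE is a comma-separated list of grants (syntax assumed by this example):
#   net        keep the host network namespace
#   rw:/path   bind /path read-write inside the sandbox
#   ro:/path   bind /path read-only inside the sandbox
# Prints the complete bwrap flag list; returns 1 on an unknown grant.
build_sandbox_args() {
    args=$SANDBOX_BASE_ARGS
    old_ifs=$IFS
    IFS=','
    for grant in $1; do
        case $grant in
            net)   args="$args --share-net" ;;            # only valid after --unshare-all
            rw:/*) p=${grant#rw:}; args="$args --bind $p $p" ;;
            ro:/*) p=${grant#ro:}; args="$args --ro-bind $p $p" ;;
            '')    ;;                                      # tolerate empty entries
            *)     IFS=$old_ifs; echo "unknown grant: $grant" >&2; return 1 ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$args"
}

# run_sandboxed PROFILE CMD [ARGS...]
# Runs CMD under bwrap with the profile's flags. Paths in grants must not
# contain whitespace (the flag list is deliberately word-split).
run_sandboxed() {
    profile=$1
    shift
    command -v bwrap >/dev/null 2>&1 || { echo "bwrap not installed" >&2; return 127; }
    sandbox_args=$(build_sandbox_args "$profile") || return 1
    # shellcheck disable=SC2086
    bwrap $sandbox_args -- "$@"
}

# Example usage (requires bwrap): a build tool that may read /opt/src but gets
# no network and no write access outside its scratch dir.
# run_sandboxed 'ro:/opt/src,rw:/tmp/build' sh -c 'ls /opt/src; curl -s https://example.invalid || echo "network blocked"'
```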
