
> I do believe that the path forward has to be Mac OS/Android/iOS style sandboxing

No, this would be exactly the wrong path. One of the major strengths of FOSS/Linux is the fact that there are multiple authorities checking the code for bugs and security issues. You usually have at least three stages: contributor -> release manager -> package maintainer. On some distributions you even have a dedicated security team. And on top of that, since it is FOSS, you have full synergy across the whole ecosystem. Which means, e.g., if the Debian security team finds a bug, the Arch team can correct the problem within hours.

FOSS needs to play to its strengths, and the fact that the general case is running trusted software whereas the exception is running untrusted software is one of those major strengths. Which means additional complexity and user annoyances stemming from overarching access control measures only apply selectively to a small set of programs.



This is not mutually exclusive. We need both.

Responsive package maintainers do not help in any way with Firefox zero days, vulnerable codec parsers in MPV, a weird LibreOffice extension scanning all my files and sending them to a server, or a VS Code extension downloading and running random binaries.

I want to get my packages from a trusted central repository. AND I want most applications to be sandboxed and have restricted access permissions to the filesystem and network.

There is no reason why repos can't package desktop applications in a way that runs them inside a sandbox by default, whatever the concrete implementation is, with me also having the ability to run randomly downloaded binaries with the same security guarantees.


And yet so many critical open source projects have had majorly serious security bugs that have gone undiscovered or unfixed FOR YEARS.

Despite the claims otherwise (with 0 proof), FOSS has next to no advantage in the security realm vs proprietary stuff. At the very least, the security guarantee you get from open source code is that you have the ability to verify the code (and not pre-compiled binaries you get from the project's website) has no backdoor or otherwise malicious crap in it.



