Hacker News

How can you vet the source and build procedure?

Assuming this is a commercial vendor not available through your package manager, and that you must go to the website, pay and get a download link (with source in this scenario), how is this fundamentally different to a Windows user paying for and downloading something bundled with malware?

Were Linux to go mainstream, it'd be unrealistic to ask users to vet the source code! Who has the time and expertise? You fundamentally rely on others to tell you it's safe. On Linux it's a safe bet, since malware authors are less interested in targeting it.



