Hacker News

exceptione today at 5:06 PM

> And what if upstream is problematic?

That would be the same problem for official packages. Unless I am mistaken, the difference between maintainers for the official repos versus AUR is that the former is a trusted/vetted person. But afaik, they also just package upstream software. I doubt they will read through tons of commits to see if there might be anything nefarious there.

It would be better if software would be forced to have something like a very advanced manifest file, with requested permissions. Malware has to eventually communicate with endpoints, so a declared whitelist of endpoints should definitely be part of such a manifest. Some wrapper program could set up a namespace that allows just what is requested. Any software that requires `endpoints = [.*]` would make it obvious to the user that it is a really dangerous piece of software. Your code editor should not ship like that.

The first thing I can think of in this direction is Flatpak, but that is really coarse-grained, with defaults that are very lax. Also Flatpak-like solutions do not expose an API to the wrapped application, which is both a pro and a con (a con when you consider installing application plugins requiring further permissions).
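
A sketch of the manifest check proposed in the comment above, added here as an example; it is not part of the comment or of any existing tool. It covers only the policy decision a wrapper would make (not the namespace setup), and the manifest layout, the `host:port` pattern form, and the names `audit`, `allowed` and `PROBES` are assumptions; only the `endpoints` key and the `.*` value come from the comment.

```python
import re

# Constructed manifests in a hypothetical format: only the `endpoints` key
# and the `.*` value come from the comment; all other names are assumptions.
EDITOR = {"name": "example-editor",
          "endpoints": [r"updates\.example\.org:443",
                        r"[a-z0-9-]+\.plugins\.example\.org:443"]}
GREEDY = {"name": "example-tool", "endpoints": [r".*"]}

# Unrelated host:port strings; a pattern matching all of them is a wildcard
# in effect, however it is spelled (".*", ".+", "[^ ]*:\d+", ...).
PROBES = ["a.invalid:1", "198.51.100.7:65535", "x-y.z.test:8080"]


def audit(manifest):
    """Return (pattern, problem) findings for a manifest's endpoint list."""
    findings = []
    for pat in manifest.get("endpoints", []):
        try:
            rx = re.compile(pat)
        except re.error as exc:
            findings.append((pat, f"invalid pattern: {exc}"))
            continue
        if all(rx.fullmatch(p) for p in PROBES):
            findings.append((pat, "matches any endpoint"))
    return findings


def allowed(manifest, host, port):
    """Decide whether the wrapper would permit a connection to host:port.

    fullmatch() is used so a pattern cannot succeed on a mere substring,
    and a pattern that fails to compile denies rather than allows.
    """
    target = f"{host.lower()}:{port}"
    for pat in manifest.get("endpoints", []):
        try:
            if re.fullmatch(pat, target):
                return True
        except re.error:
            continue
    return False


if __name__ == "__main__":
    for m in (EDITOR, GREEDY):
        print(m["name"], audit(m) or "no findings")
```

The probe-based wildcard test is a heuristic: it catches patterns that accept everything, not patterns that are merely broader than the application needs.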