Nowadays, you can also mostly life with just choco install on Windows. Not as well vetted as Debian packages, but a lot better than google.

But that only helps power users. On linux learning these things is simply a necessity because installing things outside your package manager is even less user friendly.

This is the essence of most of the rhetoric I'm seeing in this thread: Linux is more secure because its users are more technical.

I thought choco software is not vetted but managed by individuals, like the AUR in arch.

I dont know, i think the graphical frontends to package managers on linux are much easier than downloading and installing an exe on windows

I wonder how many preinst/postinst scripts are being read by apt users prior to install/upgrade? These run as root, making them a bit worse than the typical curl|bash after all.