>Sounds like you either shouldn't use Debian or should find a repo with maintainers who align with your preferred style of package inclusion.

Are there actually viable alternatives to the default debian repo? At best there's repositories run by various projects, but that's basically the same as level of security as "run a random binary you downloaded off the internet". The only plausible way that package managers increase security is through curation. If you're just blindly adding whatever repo to get some software installed, you're back at square one.