Going by your lingo, it sounds like you need temple more than anyone
To
Temple or nothing
No, its the exact opposite.
Supply chain conpromise is a level of risk to manage not unique to FOSS. Ever heard of sunburst? It resulted in a lot of Microsofts cloud customers getting wreaked all because their supply chain was compromised.
Do people continue to buy into 365 and Azure? Yes. Without care.
So will this hurt open source projects? Not at all, in fact it will benefit them, highlight just why source code SHOULD be open source and visible to all! We would have had very little to no visibility and capability to monitor closed source. Let alone learn, improve and harden how projects can protect against this increasingly more common attack.
You’ve obviously never used nix, it’s GUI installer can auto configure just fine.
When your OS AND apps are declared and stateful a lot of risk and complexity is removed. Configuring is just a bad experience with poor usability and worse documentation.