The rise of open source, garbage-collected languages, language runtimes and centrally controlled appstores has become the norm.
Why haven't we had an evolution of better ways of linking/loading applications and policy enfocement that improves memory safety, user security and privacy without the rent-seeking central app store mechanisms? Something like docker or podman but at an application binary level that can enforce a stricter contract and policy enforcement (and maybe portable across OSes) using advancements in languages and systems such as refinement types, SMT solvers, proof systems etc.,
Is there any practically usable software that strives to do this?
A fair bit of software is some Windows binary that has been digitally signed to verify its authenticity, alongside Linux binaries (.APPIMAGE is my fave portable piece of software that runs everywhere without having to install). You can check the authenticity of the .APPIMAGE by check-summing it and comparing against public lists of sums which are known-good hashes.