Comment 1 for bug 1029157

I like that idea. But an option to block third-party software would need to be lower-level than USC and gdebi, to also prevent someone from using dpkg -i from the Terminal.

Third-party software could be blocked either at install time, as you suggest, or at launch time. You link to a screenshot of GateKeeper, which blocks it at launch time. The Mac has a framework called Launch Services that is responsible for launching any application, including checking whether it has ever been run before (LSQuarantine), whether it is on the list of known malware (XProtect), whether anyone has permission to run it (GateKeeper), and whether you in particular have permission to run it (Parental Controls). I expect we would need something equivalent at the kernel level if we hoped to block third-party software at launch time.