I like how Android shows what permissions an app requires to function on your device. I know a desktop OS is not the same, but it would be a nice direction to head. That way, when you decide to install, the deb tells you what level of access it requires. Unfortunately, you'll never get everyone to proceed with caution, but making things too difficult will push people away like UAC did in Vista.
How about, instead of forcing policies on the users to make it a hassle to install third-party software, we instead try to teach the users what to trust and what not to.
A few simple guidelines should be enough, things like: Ubuntu's own repo is considered trustable and should be used when possible. If not, use a signed repo that could be considered trustable. Only install .debs manually if you really, really have to, and GDebi on Debian already advises you to install the repo version of a package if it's available.
In my opinion, this approach is far superior to automated policies. Remember, the bad guys could always lie. If you tell them the truth before they encounter the lies, they have a fair chance at detecting it.
The question is really what road they want to take. Either they can go with the super secure way where everything is controlled, or they could teach their users not to add repositories they're not sure about. And certainly not to run programs as root.