Google begins to deploy a very rudimentary web of trust system in order to filter out malicious software from open source. They refer to it as "social voting."
Would you let users vouch for unknown software's safety with an upvote? Google does
Effectively it allows users to install the software willfully via a positive signal to the system, and if a number of other users decide to vote for it, then that group of users can install the software.
Voting continues and if the number of positive votes exceeds another arbitrary number, the system allows anyone to install the software without asking them if they're sure.
A single downvote stops voting until an admin looks at the situation and either on flags that downvote or downvotes it themselves which would tag it as malware.
There's an obvious hole in the scheme which is that if a single downvote is all it takes to trigger a manual review, someone will set up a bot to downvote every single piece of software on the system – just because they can. And that's before we get to the question of people who want to squash the competition by downvoting the competitive software.
The first part's okay – the second part is inevitable.