pull down to refresh

The idea is to leverage the web of trust for security and curation, so there's no "one size fits all" authoritative approach like all the current app store models - it's all weighted by who you follow/trust. Having curators is not a requirement.
That said you are right in that curation could remain important piece of the puzzle. Many people don't have the time or expertise to judge a developer or a result of a malware analysis DVM. So what I mentioned about NIP-51 lists could be even bigger than I thought.