[throwaway2048]

lots of binaries are distributed as compiled, thats one of the attractions of a unikernel you can just hand people a VM image of whatever the hell you want.

In regards to what could be rebuilt, computer security is plagued with "coulds". What matters is what is done.

[KirinDave]

This is a tricky argument you make because it's so asynmetrical. You can essentially cherry pick the worst opsec and the most dedicated attacker and then use it to discount an entire technique.

I will not play this "Use OpenBSD because it has a new technique that is fashionable" game that I know is being played.

Custom baremetal custon built VMs is not really in the business of distribution appliance images. That's Docker. Different use case. So what IS done is a workflow to rebuild these images when they change.

And that's often. Their HTTP routing table is literally baked into the image. They're not "reusable" for the most part.