| Developers relying on OS scripting runtimes for their applications are misusing the OS; and environments that only allow the use of OS scripting runtimes are fundamentally misunderstanding their job. OS scripting runtimes are there for the OS to use, in its system software and services. Such runtimes are not there for anyone else to use. They’re implementation details of the OS. This is the reason that certain platform-bytecode libraries get packaged into OS packages, while most don’t. Those packages are also there strictly for the OS itself to use, with versioning allowing other OS packages to rely on them. If you’re not writing OS software (e.g. something that runs under init(8), speaks D-Bus, is part of minimal installs, etc.) then you shouldn’t be relying on those packages. Consider the fact that a lot of “application software” OS packages—packages shipped by the distro!—actually vendor their own runtime and libraries. They do this because they have separate needs from the super-stable-but-minimal runtime provided by the OS. If not even the distros themselves think it’s worthwhile to rely on the OS runtime for everything, you shouldn’t either. Unless your software’s relationship with a daemon or library is “I expect that it was already here when I got here, because that exact ABI version of it is part of the definition of the platform we target”—just vendor the dang deps. Yes, they become your responsibility to audit. The distro was never going to do that job for any software not required to run itself anyway. |