by lrvick
1917 days ago
Fair point, but there is also no portable spec for this that works beyond systemd, and there are plenty of cases where systemd is not desirable. Maybe you want to run on an embedded system, or a hardened immutable system where you don't actually need bash and coreutils etc. The OCI spec gives us all these features in a compact and portable package independent of any particular init system, while also providing a way to verify and update images with signature verification over a network, so you need not even have attack surface like ssh to manage updates. Don't get me wrong, I love systemd for my desktop; however, for servers I don't want a single binary present that isn't strictly necessary for my target binary to function, as it just gives adversaries a foothold.