Satire is so hard on the Internet and maybe I'm just thick headed. Just to clarify things, is that a suggestion to shove a JSON parser into either bash or autoconf?
You have it backwards. The engineering culture that said autoconf increases attack surface, the culture that said that the design of PAM is too complex, that did not accept the patch to link libsystemd to sshd, is the one that constantly tries to avoid unnecessary dependencies.
The engineering culture that non-ironically suggests linking a JSON parser is the culture that disregards the challenges that maintaining dependencies brings.
Yesterday it may have been soups of automatically generated shell scripts, but today it is soups of automatically generated YAML and JSON.
... The engineering culture which gave us 200kb fragile, semi-autogenerated configure scripts checked in to our repositories. Configure scripts which - as we've just seen - are a great place to hide malicious code.
I can't take this criticism seriously. 200kb of configure script = good, 1000 lines of JSON parser in bash = bad? What?
(that’s unfair, there’s probably tooling to build the shell scripts automatically I bet)