You have it backwards. The engineering culture that said autoconf increases attack surface, the culture that said that the design of PAM is too complex, that did not accept the patch to link libsystemd to sshd, is the one that constantly tries to avoid unnecessary dependencies.
The engineering culture that non-ironically suggests linking a JSON parser is the culture that disregards the challenges that maintaining dependencies brings.
Yesterday it may have been soups of automatically generated shell scripts, but today it is soups of automatically generated YAML and JSON.
... The engineering culture which gave us 200kb fragile, semi-autogenerated configure scripts checked in to our repositories. Configure scripts which - as we've just seen - are a great place to hide malicious code.
I can't take this criticism seriously. 200kb of configure script = good, 1000 lines of JSON parser in bash = bad? What?