Security is one aspect. You are distributing all the dependencies with your binary now, if a vulnerability is found in any of those dependencies you’re going to have to push out a new build instead of your OS providing you with an updated library.

The same thing is going on now with Snap/Flatpak. They don’t use system libs, they use their own integrated ones. If a lib has a security issue embedded in the app, the app developer has to make a new build. But, even if the developer doesn’t make a new build, that is the only app that is vulnerable, your distro will push a new build in the repos probably a lot sooner than the dev of that app.

As I said, Windows devs have been doing this for ages. Why? DLL hell is one reason, the other is “everything just works out of the box” (no end user late night calls after deployment). This was a security nightmare, I agree, but the alternative was a lot more work (make sure every user out there have those exact dependencies installed which work with your app)… not to mention this scenario: MS pushes a new version of that dll in an update or a redistributable, and guess what, your app doesn’t work with that version 😒. Great, now I gotta debug to see what the reason is. What if the buyer doesn’t want to pay you for this update? It has happened. It’s not my fault that MS pushed this.

We’ve had a situation where specific versions of C++ runtimes had to be installed because the software just doesn’t work with the latest ones. Not to mention hunting down those specific versions is a PITA. And even then there were problems. In the end, a redist repack of every version there is under the sun was the only solution that worked 100%. Mind you, this software works with AD, so it’s not something run locally, this thing uses TCP/IP.