He's absolutely right. I have come to the conclusion that we must do one thing: Stop sharing. Shared libraries and language runtimes are a relic of the past when memory and storage were orders of magnitude smaller. Bundle all dependencies and throw out the package managers!
Why the entire OS? All applications using a particular library would have to be updated individually, which is a drawback. So be it. Every solution has its drawbacks. I suspect that a system with a labyrinthine dependency graph is less robust and less secure. Don't forget that sharing a library doesn't just mean sharing bug fixes, it also means sharing bugs.
You mean upgrade applications that depend on that core library. Which you have to do anyway since a patched library will not be bug-compatible with the old one.
That's the biggest issue: if you test with library version X and run with library version Y, then any sufficiently complicated program will have bugs that would have been found by testing with the same version of the library you run with.
Responsible library maintainers ensure that security fixes and subminor releases are drop-in replacements. No distro rebuilds the world under these circumstances.