I'm just trying to wrap my head around this, how could something solve dependency hell when developers are just messing with their sh*t? Distributions won't package it if it's too shitty, and it's a sh*t that could explode anytime even if you let the dev to package it into an universal sh*t block. It seems that it's rarely done in the ideal way.
okay, there's a more polite version
https://blogs.gentoo.org/mgorny/2021/02/19/the-modern-packagers-security-nightmare