
You know who really knows how to package software? Mark Russinovich, Nir Sofer, and all the others who gave us beautiful utilities in standalone EXE's that don't require any dependencies.

For the longest time I stayed on older versions of .NET so any version of Windows since 2003 could run my software out of the box. Made use of ILMerge or a custom AssemblyResolve handler to bundle support DLL's right into my single-file tools - it wasn't hard.

I have no complaints about Docker, but I do find where I used to be able to download simple zip files and place their contents into my project I now just get a black box Docker link with zero documentation and that makes me sad.



And then you just make sure all the libraries you use have no vulnerabilities ever, so they don’t need a way to be updated. Smart!


They get updated after I conduct regression testing and release a new build of my software.


And you will never be slow in updating the software (or disappear) so it doesn’t matter you’re essentially creating a mini distro you have to keep updating forever! And also the user magically gets notified that there is a new version or it automatically updates the cd the user is running it from.

And the same goes for the other 20 apps the user uses of course, that all need things like an ssl library. They all have responsible maintainers that can be trusted to promptly regression test, build, package and release every update in the libraries the user doesn’t know they are using. You’d think it is impractical but actually it’s very easy. Apparently.


After my company "disappears" as you've suggested it's only a matter of time before said libraries, despite their best efforts, introduce application-breaking changes. Short of open-sourcing the whole thing (which actually is a possible contingency plan in the cards) all I'd be doing is foisting an unsolvable problem onto my users.

Even if I wasn't embedding DLL's into my binary it's not like users would be dropping in updated copies of them alongside my app.

I understand what you're getting at but it only works if you can outsource package management to competent distro maintainers (not a thing on Windows), and ultimately in my own experience as a user with decades of computing experience I've had a heck of a lot more problems from faulty updates than I ever have from vulnerabilities.


So instead of the application no longer starting, they get an application that starts fine but quietly allows them to get hacked and become part of a botnet and perpetuate ransomware.


Exactly my thoughts. The Linux guys have been discussing the merits of package management and various related systems since I started getting interested in computers.

Yet after all this time they have not come close to something as simple as the double click to run .exe or self-installing binary you can find on Windows (macOS also has completely self-contained apps). So having managed Linux servers and relatives I'm a bit confused that we are still there, discussing the merits of stupid packaging software, that follow some sort of ideal but never actually work properly (at least, scale very badly and react poorly to changes).

Everything he said about Docker is true but it also applies to the regular package management in various Linux distros. In the age of very fast upload bandwidth and very affordable storage, Docker is even more suspicious against a regular lightweight VM. Doesn't have as good of security separation, more annoying to reproduce and requires more setup; VM bit for bit copy is also extremely simple. I believe one reason we got Docker is because they couldn't figure out how to partition hardware at the machine level efficiently so instead, they partitioned CPUs. Easier to manage in hardware, more of a pain in software...

But the reason no user facing operating system ever uses this kind of software management is that it never works, no matter the ideals, a lot like communism. What a waste of time, I guess at least it makes for some fun discussion from time to time.



