> This comes up a lot, but how often do you end up in a scenario where there's a critical security hole and you _can't_ patch it because one program somewhere is incompatible with the new version? Maybe even a program that isn't security critical.

That’s not the point. The point is having to find and patch multiple copies of a library in case of vulnerability instead of just one.

Giving up the policy to enforce shared libraries would just make the work of security teams much harder.