Fedora opens up to bundling

The problem is exact behavioral stability -- software is so fragile that any changes to the environment, no matter how benign or useful -- risks breaking the software. The API can be the same, all it takes is some little race condition, or some change to the behavior of the underlying functions, and boom! breakage results. To keep software working, we basically have to choose between "features that function" and "has useful things like security updates".

Linux distributions have, so far, prioritized security updates, and the feasibility of tracking them. However, I still think that the only right solution is severe hardening of the operating system such that minor problems and buffer overflows in the application or its libraries can only have a limited security impact. It is far more useful to get away from the "egg" security model, aka "the hard shell and soft interior" model than it is to design elaborate update protocols and security requirements that assume we can find the bugs and then patch them without breaking the software in the process in the first place.

So yeah, bring us bundling, but also bring us a security model that ensures that even if there is a buffer overflow or whatever security issue that permits arbitrary code execution, it at best destroys that application's data rather than compromises the entire user account.