Although it was already published 6 years ago, I felt that this post was really interesting to read in the light of the log4j debacle.
You know what this reminds me of? Docker. Slap all your dependencies together into one big sandwich. Tbh it also reminds me of Git - fork and merge from upstream.
I generally don’t do this, but I think maybe that’s because the tooling isn’t there for fork and pull from upstream dependency management.