I wonder where we'd be if we'd stopped relying on system packages to provide dependencies for C / C++. It is positively miserable to have to pollute your system when a codebase written in Go / Rust / your favourite modern language Just Works out of the box.

With a central, curated, audited package repository where publishing rights are given to absolutely everyone then supply chain attacks in C and C++ would be even easier.