Comment by electric_mayhem
3 months ago
The UNIX philosophy (about which there’s a book by the same name by Michael Gancarz, and which I highly recommend) is that each tool should do one thing and do it well.
The old school init styles, whether BSD or SysV, adhere to that philosophy.
Systemd is a travesty. I think it was about a decade ago that there was a remotely exploitable root equivalent compromise in systemd's built-in DNS resolver. And these days it includes not just DNS but also privilege escalation and who knows what else.
It’s probably fine for most people and most purposes. And by fine, I mean most people can probably use it and never see a live exploit against it.
And if you care about security, you can probably apply enough mitigating controls that it’s not gonna be a disaster for you.
But for me, defense in depth means avoiding systemd to begin with and not trying to band-aid over the problems with it.