It became acceptable along with containers, so that the very OS the script is working on, is already isolated and disposable. You also mentioned dozens of packaging solutions. Which package manager should a single developer target first? Which package manager offers safety assurances enough that a customer wouldn't need to "personally verify each line" of the package manager's script?