Or NixOS/Guix, which treat the system as immutable (i.e. in Nix pretty much everything but the Nix store at /nix is built after boot anyway). Or macOS by using a read-only system volume.
The grandparent bug is as much a failing of the grandparent's script as the OS, which exposes itself as one global mutable namespace.