Question, how does this work for stuff like Heartbleed? Do you have to download a diff for every single app that uses OpenSSL? Or is it smart enough to grab one copy of the new library? For that matter, is this going to mean you need to wait for each application to get a new version of openssl in it's "package"?
I have been hoping for something like this for some time. I do wonder how large the duplication will be if every app includes all of its dependencies. Maybe some core libraries will still be shared?
The article mentions cryptographically signed packages as a new feature over APT, but APT has had that for ages.
