Debian is a bad choice if you want to package go applications (or rust apps, for that matter). Debian requires that all those little static dependencies be individually packaged. Common container software like lxd, podman, and umoci are not found in Debian.
The following distributions package LXD (that I know of):
* Void Linux
* Alpine Linux
* Arch Linux
* Gentoo
Some of those are more suitable for production installs than others, but if you know what you are doing and manage your deployments well, all of them could work.
Do you happen to know _why_ Debian decided to require that for Go projects? It's so absurdly complicated.
I've been looking into .deb packaging for Caddy but it really feels like they require us to jump through too many hoops to make it happen. I'd much rather just ship a prebuilt binary.
Security. Dynamically linking stuff is always going to be better than statically linking. Do you trust upstream to keep track of security issues and rebuild in the absurd dependency tree that is Golang software? Or the multi-year old effort which is the current Debian security team?
The reason why it's absurdly complicated is solely on the Golang team, not Debian.
I was not aware. Too late to edit now, but that is indeed a great option! Rolling release is a bit ambitious for a hyperlink without nixos like features.
Funny. I have been working on a blogpost detailing the silly things I encountered while packaging LXD properly for Arch Linux. Should probably finish it up one of these days.
The following distributions package LXD (that I know of):
* Void Linux
* Alpine Linux
* Arch Linux
* Gentoo
Some of those are more suitable for production installs than others, but if you know what you are doing and manage your deployments well, all of them could work.