2. Ship a single container that only needs to be QA’d once, works
    everywhere, and has no dependencies except for the Linux kernel.
    I get to update dependencies when *I* want to, and don’t have
    to worry about breaking user’s systems.  I can even ship a
    shell script wrapper so that the container can be invoked as
    a binary.

It’s pretty easy to see why someone would go with option 2.

Of course this is better for you, as a developer, but it is bad for
me as a user.
There is a reason why a "distribution" exists, centralized control
of everything with rpm, yum, logrotate, ...

+1

Such decision force me (as a user) to use that container.

And it is a huge a pain to use it on bare metal or in modified container.

You basically shift the burden from developers to users.

Miroslav