It isn’t and developers have to constantly fight with networkmanager, systemd resolved, dhclient, resolvconf quirks. Hence why Proton and Mullvad state the officially supported OSes that are claimed to be tested to have no leaks. An average Linux user doesn’t even know that his wg-quick command will result in ipv6 leaks (reminding myself to paste a citation straight from this forum), or that networkmanager usage might lead to dns leakage due to dns priority or ignore-auto-dns.
PG should ideally mention those facts. dngray has great points regarding VPN clients on the consumer OSes.
not relying on glibc or musl to make syscalls and handle dns caching themselves is bad coding?
ProtonVPN is 100% guilty of leaking on Linux, i can tell you that without going through test suite. Legitimate programs get confused about the default binded interface all the time.