lemmydividebyzero@reddthat.com to Technology@lemmy.world (English) · 16 days ago

Every dependency you add is a supply chain attack waiting to happen (benhoyt.com)

72 up / 5 down · 12 comments · cross-posted to: programming@programming.dev
renegadespork@lemmy.jelliefrontier.net · 12 points · 16 days ago

Every dependency you don’t update is a zero day waiting to happen. All software carries risk.

corsicanguppy@lemmy.ca · 1 point · 16 days ago

> Every dependency you don’t update is a zero day waiting to happen. All software carries risk.

In the same breath you’re advocating updating without checking, and saying why that’s an issue. You … realize that, right?

You’re so close to realising the reason enterprise distros do backports.

renegadespork@lemmy.jelliefrontier.net · 2 points · 15 days ago

> you’re advocating updating without checking,

Uh… no. That’s not what I said. I said there’s risk in both updating and not updating. You need to do the assessment to decide which one is best for the situation.