lemmydividebyzero@reddthat.com to Technology@lemmy.worldEnglish · 4 days agoEvery dependency you add is a supply chain attack waiting to happenbenhoyt.comexternal-linkmessage-square12fedilinkarrow-up177arrow-down16
arrow-up171arrow-down1external-linkEvery dependency you add is a supply chain attack waiting to happenbenhoyt.comlemmydividebyzero@reddthat.com to Technology@lemmy.worldEnglish · 4 days agomessage-square12fedilink
minus-squarerenegadespork@lemmy.jelliefrontier.netlinkfedilinkEnglisharrow-up13·4 days agoEvery dependency you don’t update is a zero day waiting to happen. All software carries risk.
minus-squarecorsicanguppy@lemmy.calinkfedilinkEnglisharrow-up1·4 days ago Every dependency you don’t update is a zero day waiting to happen. All software carries risk. In the same breath you’re advocating updating without checking, and saying why that’s an issue. You … realize that, right? You’re so close to realising the reason enterprise distros do backports.
minus-squarerenegadespork@lemmy.jelliefrontier.netlinkfedilinkEnglisharrow-up2·3 days ago you’re advocating updating without checking, Uh… no. That’s not what I said. I said there’s risk in both updating and not updating. You need to do the assessment to decide which one is best for the situation.
Every dependency you don’t update is a zero day waiting to happen. All software carries risk.
In the same breath you’re advocating updating without checking, and saying why that’s an issue. You … realize that, right?
You’re so close to realising the reason enterprise distros do backports.
Uh… no. That’s not what I said. I said there’s risk in both updating and not updating. You need to do the assessment to decide which one is best for the situation.