Every dependency you add is a supply chain attack waiting to happen (benhoyt.com)
lemmydividebyzero@reddthat.com to Technology@lemmy.world · English · 4 days ago
corsicanguppy@lemmy.ca · English · 4 days ago

> Every dependency you don’t update is a zero day waiting to happen. All software carries risk.

In the same breath you’re advocating updating without checking, and saying why that’s an issue. You … realize that, right?

You’re so close to realising the reason enterprise distros do backports.
renegadespork@lemmy.jelliefrontier.net · English · 4 days ago

> you’re advocating updating without checking,

Uh… no. That’s not what I said. I said there’s risk in both updating and not updating. You need to do the assessment to decide which one is best for the situation.