Every dependency you add is a supply chain attack waiting to happen (benhoyt.com)
Posted by lemmydividebyzero@reddthat.com to Technology@lemmy.world · 2 days ago · 11 comments
Cross-posted to: programming@programming.dev
earthworm@sh.itjust.works · 1 day ago

> The careful reader may note that my title is not quite accurate. It’s not every dependency you add that’s a problem; it’s every dependency you update.

Why not put that in the title, Mr. Hoyt?

renegadespork@lemmy.jelliefrontier.net · 1 day ago

Every dependency you don’t update is a zero day waiting to happen. All software carries risk.

corsicanguppy@lemmy.ca · 1 day ago

> Every dependency you don’t update is a zero day waiting to happen. All software carries risk.

In the same breath you’re advocating updating without checking, and saying why that’s an issue. You … realize that, right?

You’re so close to realising the reason enterprise distros do backports.

renegadespork@lemmy.jelliefrontier.net · 22 hours ago

> you’re advocating updating without checking,

Uh… no. That’s not what I said. I said there’s risk in both updating and not updating. You need to do the assessment to decide which one is best for the situation.