lemmydividebyzero@reddthat.com to Technology@lemmy.worldEnglish · 2 days agoEvery dependency you add is a supply chain attack waiting to happenbenhoyt.comexternal-linkmessage-square11fedilinkarrow-up170cross-posted to: programming@programming.dev
arrow-up170external-linkEvery dependency you add is a supply chain attack waiting to happenbenhoyt.comlemmydividebyzero@reddthat.com to Technology@lemmy.worldEnglish · 2 days agomessage-square11fedilinkcross-posted to: programming@programming.dev
minus-squarerenegadespork@lemmy.jelliefrontier.netlinkfedilinkEnglisharrow-up13·1 day agoEvery dependency you don’t update is a zero day waiting to happen. All software carries risk.
minus-squarecorsicanguppy@lemmy.calinkfedilinkEnglisharrow-up1·22 hours ago Every dependency you don’t update is a zero day waiting to happen. All software carries risk. In the same breath you’re advocating updating without checking, and saying why that’s an issue. You … realize that, right? You’re so close to realising the reason enterprise distros do backports.
minus-squarerenegadespork@lemmy.jelliefrontier.netlinkfedilinkEnglisharrow-up2·20 hours ago you’re advocating updating without checking, Uh… no. That’s not what I said. I said there’s risk in both updating and not updating. You need to do the assessment to decide which one is best for the situation.
Every dependency you don’t update is a zero day waiting to happen. All software carries risk.
In the same breath you’re advocating updating without checking, and saying why that’s an issue. You … realize that, right?
You’re so close to realising the reason enterprise distros do backports.
Uh… no. That’s not what I said. I said there’s risk in both updating and not updating. You need to do the assessment to decide which one is best for the situation.