Every dependency you add is a supply chain attack waiting to happen (benhoyt.com)
Posted by lemmydividebyzero@reddthat.com to Technology@lemmy.world · English · 1 month ago · 12 comments

corsicanguppy@lemmy.ca · English · 1 month ago

> Every dependency you don’t update is a zero day waiting to happen. All software carries risk.

In the same breath you’re advocating updating without checking, and saying why that’s an issue. You … realize that, right?

You’re so close to realising the reason enterprise distros do backports.

renegadespork@lemmy.jelliefrontier.net · English · 1 month ago

> you’re advocating updating without checking,

Uh… no. That’s not what I said. I said there’s risk in both updating and not updating. You need to do the assessment to decide which one is best for the situation.