• affenlehrer@feddit.org
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      15 hours ago

      It’s a gamble though unless you only do security updates. New features might bring new security issues.

    • Jerkface (any/all)@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      4
      ·
      edit-2
      17 hours ago

      If your system is secure, updating it can only make it insecure. If that is your one and only priority, you have to review updates before applying them, and since you have thoroughly investigated your entire stack up to this update and that version also has your real-world testing behind it, you’re probably not going to apply most updates until some other priority comes along or you discover a previously unknown vulnerability.

      • fizzle@quokk.au
        link
        fedilink
        English
        arrow-up
        3
        ·
        10 hours ago

        If your system is secure, updating it can only make it insecure.

        This “logic” overlooks a number of issues.

        Firstly, no system is “secure”, only more so or less so given a specific threat model.

        Secondly, a system can become less secure without any changes, as exploits are discovered.

      • nymnympseudonym@piefed.social
        link
        fedilink
        English
        arrow-up
        8
        ·
        14 hours ago

        If your system is secure, updating it can only make it insecure

        The Internet has been an adversarial environment since at least 1988

        Thanks to recent AI advances, new security vulnerabilities are being found at a crazy pace in all layers of the stack, from firmware to GUI.

        1zOYXItTY9LRxkE.png

      • Opisek@piefed.blahaj.zone
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        16 hours ago

        I mean, yes, if you can guarantee that all your software stack in 100% secure. In reality this is unfeasible on even mathematically impossible to do formally (reducible to the halting problem). So while bugs keep being found in things like the Linux kernel (naturally, nothing is immune to oversight), and they’re always going to be, keep your software up to date.

        • tomalley8342@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          2 hours ago

          even mathematically impossible to do formally (reducible to the halting problem).

          Nah, if the programs are not arbitrary (and I hope they’re not, considering that you chose them) then it doesn’t reduce to that. But you are right that it is not feasible for most industries and he is right that in some industries it is not only feasible but required.

        • Jerkface (any/all)@lemmy.ca
          link
          fedilink
          English
          arrow-up
          1
          ·
          5 hours ago

          If security is the one and only priority, you wouldn’t be running a goddamn desktop environment and all that other baggage. You absolutely would be auditing your entire stack. Because security is the one and only priority. I didn’t pose the hypothetical, but that’s the necessary consequence.