Security Updates Debate
The cluster discusses the pros and cons of software security updates, including risks of new vulnerabilities from updates, the necessity of timely patching to avoid exploits, and debates on update frequency and manual vs. automatic application.
Sample Comments
Security patches and general updates are not distinct anymore. You might as well end up with more bugs by updating.
... then isn't it not a big deal to commit to security updates?
Updates may be a security threat too… didn’t log4j become a security threat _because_ it had been updated?
"Don't give me security updates every time there's a security issue. Instead do it occasionally because I like my vulnerabilities to be a surprise"
Not until there's a critical security vulnerability where you must upgrade.
The alternative is leaving software eternally insecure, as people will not update it. And of those that will, 99.99% (probably not an exaggeration) will not have the interest, time, or ability to review code changes before updating.
Not updating a package is the best way to prevent security flaws from getting fixed.
Not everyone cares about security updates.
That depends on updates never introducing new vulnerabilities.
Fine, you're okay with old bugs. You're pretending that that's the main issue though. What's your excuse for punting on security updates?