[colemickens]

My dotnet core containers are rebuilt from scratch and redeployed every 20 minutes or so. If there's a security bug in the base OS layer of my container or in the .NET runtime, I'll have it in less than a half hour.

Not too hard, if you have some standard practices in place.

[colemickens]

I always enjoy wondering what sort of person downvotes a comment like this. I can't help but feel it's someone with shame/guilt for not having CI/CD in place.

But yeah, if that's too much to ask for, just don't ship the framework in your project. You can still have it installed as a system package. But to be frank, it's nearly the same problem, just in a different spot.

[cm2187]

The .net framework of the OS gets updated with Windows Update automatically. It is not the same problem at all.

I obviously didn't downvote but I do understand the downvotes: it is unrealistic to expect every website to be actively maintained forever. I am sure he deploys a new version every 20 minutes of his current project. I would be curious to know how many versions a year he deploys of the projects on which he worked 5 or 7 years ago and from which he moved on.

The world is filled with legacy applications, libraries and websites. Pretending that the code we write today will always be actively maintained and supported is just unrealistic.