[ownagefool]

I disagree that it's the job of a random ops person to ensure that a developers dependencies are sane.

Putting the onus on the developer to do a good job with regards to secure development practices is an essential part of a wider system.

[jaabe]

Oh I agree with that completely, but it’s very easy for developers to get away with shitty practices in a lot of shops.

[__oh_es]

Agree with you but this goes the other way too - Ops not allowing security patching or upgrading of systems because "they work".