[jeen02]

> Printer firmware does not get updates.

Sounds like you've never owned a printer before...

> IF that ever happens, which is super duper unlikely, then kill it since the clients are unfixable.

So have a possible security hole with no active developers until a third party finds a vulnerability, then shut it down?

> But this is not an ongoing cost.

You would still require SRE support for keeping this thing up running. You would also open yourself up to a lot of risk, losing user trust and potential lawsuits if it ever was hacked.

Everything you wrote sounds like an elaborate troll but I'm assuming that you've just never worked on a large system before.

[ce4]

https://www.google.com/cloudprint/learn/printers/

Yep, to highlight some problems on the printer firmware side:

- outdated RootCA list, forcing Googles endpoint to stay on old CAs

- devices not supporting newer TLS versions like TLS1.2, TLS1.3 etc

- ossification of auth mechanism

[kllrnohj]

> So have a possible security hole with no active developers until a third party finds a vulnerability, then shut it down?

This is true of every internet protocol. Being staffed at all does not mean the protocol or server has active security research being done on it. It usually doesn't. Taking people off of the work of constant churn from refractors and internal tail chasing doesn't actually change much.

> Sounds like you've never owned a printer before...

Sounds like you're just trolling but I'm going to assume you've just never seen a printer or worked on a stable system before.