by ethbr0
1887 days ago
The fundamental tension is between efficiency and security. Trust permits efficiency, at the cost of security (if that trust is found to be misplaced). A perfectly secure system is only realized by a perfectly inefficient development process. We can get better at lessening the efficiency tax of a given security level (through tooling, tests, audits, etc.), but for a given state of tooling, there's still a trade-off. Different release trains seem the sanest solution to this problem. If you want bleeding-edge, you're going to pull in less-tested (and also less-audited) code. If you want maximum security, you're going to have to deal with 4.4.