|
|
|
|
|
|
by my123
1695 days ago
|
|
|
It's much more complex than that. Security bugs have different levels of severity, with different reactions to those. Let's for example see the Microsoft ESU policy:
https://docs.microsoft.com/en-us/lifecycle/faq/extended-secu... For Windows 7, only Critical and Important security updates are shipped to those _paying_ customers. This leaves Moderate and Low as uncovered. For Linux: http://www.kroah.com/log/blog/2018/08/24/what-stable-kernel-... > Older LTS release > There is one huge caveat when using a kernel like this. The number of security fixes that get backported are not as great as with the latest LTS release, because the traditional model of the devices that use these older LTS kernels is a much more reduced user model. These kernels are not to be used in any type of “general computing” model where you have untrusted users or virtual machines, as the ability to do some of the recent Spectre-type fixes for older releases is greatly reduced, if present at all in some branches > So again, only use older LTS releases in a device that you fully control, or lock down with a very strong security model (like Android enforces using SELinux and application isolation). Never use these releases on a server with untrusted users, programs, or virtual machines. |
|
|