by chaps 51 days ago
Friend, considering the supply chain attacks going on these days, automatically updating everything, immediately, probably isn't the perfect move either.

You need to automatically update from a trusted source. That source better audit and update constantly. Which is hard.
Stable distributions have security teams.
Ignoring the real benefits of security updates to prevent the unlikely event of supply chain attacks sounds like a weird tradeoff.
A weird tradeoff but an increasingly important tradeoff to keep in mind nonetheless. Like I said, updating immediately isn't a perfect answer. But neither is waiting. I hope you're having this discussion, at least.