by tempaccount5050 35 days ago
I haven't updated mine. I have a firewall and it's not exposed to the Internet. Need a key to SSH in. Same with my public facing server. Almost none of these exploits are "drop everything now and patch" unless you are somehow exposing yourself stupidly.

It's a "drop everything and patch" if you have a large multi-user server where you don't completely trust all of the users. Like say in a university with a server that students can log in to, like I have just had the joy of updating (and had RHEL break ZFS on me yet again).

But yes, in most other cases, no, it isn't a "drop everything" exploit - but it does mean one less layer in the multi-layer security, as unprivileged remote exploits now become root-access remote exploits.

> unless you are somehow exposing yourself stupidly

Or, y'know, offer some forms of compute as a service.

I understand where you're coming from, it's no reason to panic.

But this kind of thinking can be dangerous because it implies that your systems don't talk to the outside world at all, which they obviously do. I mean a very glaring example is container images, so it definitely takes more than a firewall and ssh keys to stay safe in general.

If you're running any sort of CI you're probably going to have a bad couple of days if everything goes well.

To be honest, CI has always been a massive risk, I'm a bit miffed at how blasé some people are about providing runners.

unless you run pinned CI runners on hardware you control