Hacker News
by krcz 11 days ago
Or no one is to blame, if the mechanism of the regression is complex and non-obvious based just on the patch itself.

Or they are to blame because they misplaced responsibility in a tool's universality to not introduce regressions, even complex and non-obvious ones.
Or they are not to blame because they accepted the possibility of a regression when fixing 6 CVEs.
Or they are to blame because fixing 1000 CVEs doesn't magically absolve one of responsibility for regression bugs, even if one "accepts" them as a psychological salve.
If you are entitled enough, then they are to blame because they didn't fix everything at once, but in that case you really should be paying for their product and support. Otherwise, fixing security issues has high enough priority to accept there might be downstream bugs that will be fixed in due course.