Hacker News new | ask | show | jobs
by therealmarv 2 days ago
As if supply chain attacks could have been prevented by 2fa or passkeys always.

You want delays by x days because supply chain attacks get caught very often within 1-2 days. And if you really really want to make an exception for a zero day then that's no problem and you can still quick patch by exclusion of that rule. They don't contradict in a unsolvable problem. You want both, you get both.
1 comments
doctorpangloss 2 days ago
How do you know what's a zero day fix?

(You write something)

So then you have to check every package's updates and decide if you update, yes?

link
tuwtuwtuwtuw 1 day ago
Yes, you need to check security issues reported for packages and then take a decision. What is the alternative?
link