[numair]

... And this is why you want to discontinue products and services your engineers can't be motivated to maintain. Amazing.

This should scare anyone who has ever left an old side project running; I could see a lot of companies doing a product/service portfolio review based on this as a case study.

[skj]

But I heard that discontinuing unstaffed projects was evil?

[iffycan]

I recently deleted a decade old CGI script called "db" that would execute arbitrary database queries for you. No one remembered it was there.

[spindritf]

Or just move it to some cheap VPS where it cannot damage other services or your infrastructure.

[adaml_623]

Or your reputation or your ethical and possibly legal duty to protect your clients?

[spindritf]

Compartmentalization is part of that.

[TeMPOraL]

Protect your clients by fixing the product even if the engineers don't care much anymore, not by suddenly discontinuing something your clients came to depend upon, without even giving them alternatives.

[cookiecaper]

Most of the time projects are not neatly encapsulated like that.

[SixSigma]

Shouldn't they be there in the first place?

Even better, host on your competitor's servers.

[dannypgh]

Reputation is a form of infrastructure.

[skybrian]

I'm quite happy with App Engine for unmaintained side projects. Very few upgrades are needed and your crufty code is quite well encapsulated. For something like the heartbleed bug there's nothing to do.

[njharman]

Or have policy of replying with humor and bounties. So the rest of the world happily finds your vulnerabilities for you.

Works for small, old, etc products as the value of breech will probably be less than value of bounty + cred.

[pjc50]

On that subject, https://news.ycombinator.com/item?id=7572414