Backdoors
lemmyreader@lemmy.ml to linuxmemes@lemmy.world · English · 1 year ago · image (lemmy.ml) · 31 comments

acockworkorange@mander.xyz · 1 year ago
Do you really need to download new versions at every build? I thought it was common practice to use the oldest safe version of a dependency that offers the functionality you want. That way your project can run on less up to date systems.

acockworkorange@mander.xyz · 1 year ago (edited)
So only projects like Debian do security backports?
Edit: why the downvote? Is this not something upstream developers do? Security fixes on older releases?

Kelly@lemmy.world · English · 1 year ago
Backports for supported versions, sure. That’s why there is an incentive to limit support to latest and maybe one previous release, it saves on the backporting burden.

treadful@lemmy.zip · English · 1 year ago
Okay, but are you still going to audit 200 individual dependencies even once?

acockworkorange@mander.xyz · 1 year ago
That’s what the “oldest safe version” is supposed to address.

treadful@lemmy.zip · English · 1 year ago
Because everything is labeled safe and unsafe, right?

acockworkorange@mander.xyz · 1 year ago
Your snark is tremendously conducive to a conversation. Go touch some grass.