undefined | Better HN

0 pointskosolam3y ago0 comments

Maybe that’s the point of the author. But I completely disagree.

0 comments

If programmers could write secure code from the start, then security updates wouldn't be needed.

Years of experience have shown that programmers can't write secure code from the start. Maybe some day we'll have languages & tools that allow for network-connected programs that never need security updates, but today is not that day.

Attackers often exploit vulnerabilities reasonably quickly, so updates have to happen soon after vulnerabilities are discovered.

So we need timely updates, and we keep needing updates. Unless we define "updating software" as not contributing to maintenance, I'd say my point stands.

The maintenance is made even harder for distributions like Debian that want to backport security fixes without backporting feature changes or other refactorings. That produces a lot of extra work for the maintainers, and those maintainers aren't usually as familiar with the code as the authors further increasing the maintenance burden.

j / k navigate · click thread line to collapse

0 comments

SAI_Peregrinus3y ago

If programmers could write secure code from the start, then security updates wouldn't be needed.

Attackers often exploit vulnerabilities reasonably quickly, so updates have to happen soon after vulnerabilities are discovered.

So we need timely updates, and we keep needing updates. Unless we define "updating software" as not contributing to maintenance, I'd say my point stands.

j / k navigate · click thread line to collapse