undefined | Better HN

0 pointsphkahler2y ago0 comments

So upgrade the whole thing. It's open source so in most cases that's possible.

0 comments

You're shifting more work onto distros and users that shouldn't be work in the first place, and basically preventing non-linux literate people from using their OS.

If I install software on MacOS or Windows, I don't have to care if it was packaged for an older version etc, or that my distro may not package a dependency.

diffeomorphism2y ago

> shouldn't be work in the first place.

It seems very much intentional. You could just keep multiple different, vulnerable versions around and keep everything working. Instead distros say "Nope. We support exactly one version. Update or die."

That is also why you have runtimes, grafting, support sunset,... . I agree that a different trade off makes much more sense for desktops. For servers though...

charcircuit2y ago

Most updates aren't security updates. Not all vulnerabilities in a library affect all consumers of that library. Distros don't have every library packaged. Distros often are not often willing shipping patched versions of dependencies. Distros often offer out of date versions of libraries.

1 more reply

Nursie2y ago

Maybe you should, those dependencies may contain vulnerabilities.

j / k navigate · click thread line to collapse